We show that constraint propagation in this manner can be represented by a datalog program 
we extend the algorithm to FO(ID), the extension of FO with inductive definitions. Finally, we 
discuss several applications. 

Categories and Subject Descriptors: I.2.4 [Artificial Intelligence]: Knowledge Representation 
Formalisms and Methods — Predicate Logic; F.4.1 [Mathematical Logic and Formal Languages]: 
Mathematical Logic — Logic and Constraint Programming 

General Terms: Algorithms 

Additional Key Words and Phrases: first-order logic, constraint propagation, inductive definitions, 
aggregates 



1. INTRODUCTION 

An interesting trend in declarative problem solving is the growing overlap between 
research in constraint programming (CP), propositional satisfiability (SAT) and certain 
subareas of knowledge representation and reasoning (KRR). In CP, we witness 
the evolution towards more expressive, logic-like languages. The same evolution is 
also witnessed in the SAT community, where there is a growing interest in SAT 
modulo theories (SMT), i.e., solving satisfiability problems for a much richer lan- 
guage than propositional logic. In KRR, attention is shifting from deduction as 
main reasoning task towards other forms of inference. These evolutions are lead- 
ing to an apparent congruence between the problems and the languages studied in 
these areas. In CP, one searches for assignments to variables that satisfy certain 
constraints [Apt 2003]. While originally, variables ranged over finite atomic domains, 
in recent rich solver-independent CP-languages like ESSENCE [Frisch et al. 
2008] and Zinc [Marriott et al. 2008], variables also range over complex types such 
as arrays and sets. There is a close match with the logical inference problem of 
finite model generation, in which structures (i.e., models) are searched interpreting 
a logical vocabulary consisting of constant, function and predicate symbols that 
satisfy a set of logical propositions. Not coincidentally, recently new approaches for 
search and optimization emerged that use expressive logics with origins in the area 
of knowledge representation and solve such problems through model generation inference. 
The approach was pioneered in Answer Set Programming (ASP) [Marek 
and Truszczyński 1999; Baral 2003]; now also systems based on (extensions of) first 
order logic (FO) are available. The best solvers of this kind embrace technologies 
from (mainly) SAT and offer superior modelling environments that already now 
prove particularly well-suited in knowledge-intense search or optimization problems 
of bounded size. The growing overlap between CP, SAT and KRR is further witnessed 
by recent efforts to include CP techniques in ASP [Mellarkod et al. 2008; 
Gebser et al. 2009], by the successful participation of the ASP solver CLASP in 
the SAT competition [Le Berre and Roussel 2009], and by the participation of the 
constraint logic programming system B-prolog in the ASP competition [Denecker 
et al. 2009]. 

In this paper, we push the convergence between CP and KRR a step further by 
studying constraint propagation for classical first-order logic (FO). To this end, we 
first define constraint propagation for FO. Informally, for a given FO theory $T$ and 
a finite partial structure $I$, constraint propagation boils down to computing facts 
that are certainly true or certainly false in every total structure that satisfies $T$ 
and that "completes" $I$. To illustrate this definition, consider a database application 
allowing university students to compose their curriculum by selecting certain 
didactic modules and courses. Assume that amongst others, the following integrity 
constraints are imposed on the selections: 



$$\forall c\, (\mathit{Course}(c) \land \exists m\, (\mathit{Module}(m) \land \mathit{Selected}(m) \land \mathit{In}(c,m)) \Rightarrow \mathit{Selected}(c)). \qquad (3)$$

The first constraint states that mutually exclusive components cannot be selected 
both, the second one expresses that at least one module should be taken and the 
third one ensures that all courses of a selected module are selected. Consider a 
situation where there are, amongst others, two mutually exclusive courses $c_1$ and $c_2$, 
that $c_1$ belongs to a certain module $m_1$, and that at some point in the application, 
the student has selected $m_1$ and is still undecided about the other courses and 
modules. That is, an incomplete database or partial structure is given. One can 
check that in every total selection that completes this partial selection and satisfies 
the constraints, $c_1$ will be selected, $c_2$ will not be selected, and no module containing 
$c_2$ will be selected. Constraint propagation for FO aims to derive these facts. 

Given a theory $T$ and a partial structure $I$, computing all the models of $T$ that 
complete $I$, and making facts true (respectively false) that are true (respectively 
false) in all these models yields the most precise results. However, it is in general 
too expensive to perform constraint propagation in this way. The constraint propagation 
algorithm we present in this paper is less precise, but, for a fixed theory 
$T$, runs in polynomial time in the domain size of $I$. The algorithm consists of two 
steps. First, $T$ is rewritten in linear time to an equivalent theory $T'$ such that for 
each constraint in $T'$, there exists a precise polynomial-time propagator. In the 
second step, these propagators are successively applied, yielding polynomial-time 
propagation for $T'$, and hence for $T$. 

Besides its polynomial-time data complexity, our algorithm has two other ben- 
efits. First, the propagation can be represented by a set of (negation-free) rules 
under a least model semantics. Such sets of rules occur frequently in logic-based 
formalisms. Examples are Prolog, Datalog, Stable Logic Programming [Marek and 
Truszczyński 1999; Niemelä 1999], FO extended with inductive definitions [Denecker 
and Ternovska 2008], and production rule systems [Forgy 1979]. As a consequence, 
many of the theoretical and practical results obtained for these formalisms 
can be applied to study properties of our method, as well as to implement it ef- 
ficiently. Secondly, it is possible to execute the propagation symbolically, i.e., in- 
dependently of the given partial structure. Symbolic propagation is useful in, e.g., 
applications where the partial structure is subject to frequent changes. 

As can be deduced from many logics developed in KRR and CP, (inductive) 
definitions and aggregates are two concepts that are crucial to model many real- 
life applications. Yet in general, these concepts cannot be expressed in FO. To 
broaden the applicability of our propagation algorithm, we extend it to FO(ID), 
the extension of FO with inductive definitions [Denecker and Ternovska 2008]. An 
extension to aggregates is discussed in Appendix A. 

In the last part of this paper, we sketch several applications of our propagation 
algorithm, namely model generation, preprocessing for grounding, configuration, 
approximate query answering in incomplete databases and conformant planning. 

This paper is an extended and improved presentation of [Wittocx et al. 2008a]. It 
describes (part of) the theoretical foundation for applications presented in [Wittocx 
et al. 2010; Wittocx et al. 2009; Vlaeminck et al. 2010; Vlaeminck et al. 2009]. A 
less densely written version of this paper is part of the PhD thesis of the first author 
[Wittocx 2010]. 

2. PRELIMINARIES 

We assume the reader is familiar with classical first-order logic (FO). In this section, 
we introduce the notations and conventions used throughout this paper and we 
recall definitions and results about three- and four-valued structures and constraint 
satisfaction problems. 

2.1 First-Order Logic 

A vocabulary $\Sigma$ is a finite set of predicate and function symbols, each with an 
associated arity. We often denote a symbol $S$ with arity $n$ by $S/n$. A $\Sigma$-structure 
$I$ consists of a domain $D$, an assignment of a relation $P^I \subseteq D^n$ to each predicate 
symbol $P/n \in \Sigma$, and an assignment of a function $F^I : D^n \to D$ to each function 
symbol $F/n \in \Sigma$. If $I$ is a $\Sigma$-structure and $\Sigma' \subseteq \Sigma$, we denote by $I|_{\Sigma'}$ the restriction 
of $I$ to the symbols of $\Sigma'$. If $\Sigma_1$ and $\Sigma_2$ are two disjoint vocabularies, $I$ a $\Sigma_1$-structure 
with domain $D$, and $J$ a $\Sigma_2$-structure with the same domain, then $I + J$ 
denotes the unique $(\Sigma_1 \cup \Sigma_2)$-structure with domain $D$ such that $(I + J)|_{\Sigma_1} = I$ 
and $(I + J)|_{\Sigma_2} = J$. 

Variables are denoted by lowercase letters. We use $x, y, \ldots$ to denote both 
sets and tuples of variables. A variable assignment with domain $D$ is a function 
mapping variables to domain elements in $D$. If $\theta$ is a variable assignment, $x$ a 
variable and $d$ a domain element, $\theta[x/d]$ denotes the variable assignment that maps 
$x$ to $d$ and corresponds to $\theta$ on all other variables. This notation is extended to 
tuples of variables and domain elements of the same length. 

Terms and formulas over a vocabulary $\Sigma$ are defined as usual. We use $(\varphi \Rightarrow \psi)$ 
and $(\varphi \Leftrightarrow \psi)$ as shorthands for, respectively, the formulas $(\neg\varphi \lor \psi)$ and $((\varphi \Rightarrow 
\psi) \land (\psi \Rightarrow \varphi))$. If $x$ and $y$ are, respectively, the tuples of variables $(x_1, \ldots, x_n)$ and 
$(y_1, \ldots, y_n)$, then $x \neq y$ is a shorthand for the formula $(x_1 \neq y_1) \lor \ldots \lor (x_n \neq y_n)$. 
Often, we denote a formula $\varphi$ by $\varphi[x]$ to indicate that $x$ is precisely the set of free 
variables of $\varphi$. That is, if $y \in x$, then $y$ has at least one occurrence in $\varphi$ outside 
the scope of quantifiers $\forall y$ and $\exists y$. A formula without free variables is called a 
sentence. If $\varphi$ is a formula, $x$ a variable and $t$ a term, then $\varphi[x/t]$ denotes the result 
of replacing all free occurrences of $x$ in $\varphi$ by $t$. This notation is extended to tuples 
of variables and terms of the same length. We write $I\theta \models \varphi$ to say that a formula 
$\varphi$ evaluates to true in the structure $I$ under the variable assignment $\theta$. If all free 
variables of a formula $\varphi$ are among the set of variables $x$, variable assignment $\theta$ is 
irrelevant in an expression of the form $I\theta[x/d] \models \varphi$, and therefore omitted. 

A query is an expression of the form $\{x \mid \varphi[y]\}$, where $\varphi$ is a formula and $y \subseteq 
x$. Such a query corresponds to the Boolean lambda expression $\lambda x.\varphi[y]$. The 
interpretation $\{x \mid \varphi[y]\}^I$ of query $\{x \mid \varphi[y]\}$ in structure $I$ is the set $\{d \mid I[x/d] \models 
\varphi\}$. 

Two formulas $\varphi_1$ and $\varphi_2$ are equisatisfiable if $\varphi_1$ is satisfiable iff $\varphi_2$ is satisfiable. 
Clearly, if $\varphi_1$ and $\varphi_2$ are logically equivalent, then they are also equisatisfiable. The 
following form of equivalence lies in between logical equivalence and equisatisfiability. 

Definition 2.1. Let $\Sigma_1$ and $\Sigma_2$ be two vocabularies that share a common subvocabulary 
$\Sigma$ and let $\varphi_1$ and $\varphi_2$ be sentences over, respectively, $\Sigma_1$ and $\Sigma_2$. Then $\varphi_1$ 
and $\varphi_2$ are $\Sigma$-equivalent if for any $\Sigma$-structure $I$, there exists an expansion $M_1$ of 
$I$ to $\Sigma_1$ such that $M_1 \models \varphi_1$ iff there exists an expansion $M_2$ of $I$ to $\Sigma_2$ such that 
$M_2 \models \varphi_2$. 

The following proposition presents a method to rewrite sentences to $\Sigma$-equivalent 
sentences. This rewriting method is called predicate introduction, and is applied in, 
e.g., the well-known Tseitin [1968] transformation. 

Proposition 2.2. Let $\varphi$ be a sentence over a vocabulary $\Sigma$ and let $\psi[x]$ be a 
subformula of $\varphi$ with $n$ free variables. Let $P/n$ be a new predicate symbol and 
denote by $\varphi'$ the result of replacing $\psi[x]$ by $P(x)$ in $\varphi$. Then $\varphi' \land \forall x\,(P(x) \Leftrightarrow \psi[x])$ 
is $\Sigma$-equivalent to $\varphi$. 

In the rest of this paper, we facilitate the presentation by assuming that vo- 
cabularies do not contain function symbols. The following proposition sketches a 
method to remove function symbols from a theory. 

Proposition 2.3. Let $T$ be a theory over a vocabulary $\Sigma$. Then there exists a 
theory $T'$ over a function-free vocabulary $\Sigma'$ such that there is a one-to-one correspondence 
between the models of $T$ and the models of $T'$. Moreover, $T'$ can be 
constructed in linear time in the size of $T$. 

The vocabulary $\Sigma'$ mentioned in the proposition can be obtained from $\Sigma$ by removing 
all function symbols and adding a new $(n+1)$-ary predicate symbol $P_F$ for 
each $n$-ary function symbol $F \in \Sigma$. Theory $T'$ is obtained from $T$ by adding the 
sentences 

$$\forall x\, \exists y\; P_F(x, y),$$

$$\forall x\, \forall y_1\, \forall y_2\; (P_F(x, y_1) \land P_F(x, y_2) \Rightarrow y_1 = y_2),$$

for each of the introduced predicate symbols $P_F$, by moving all function symbols 
outside predicates using the standard equivalence-preserving rewrite rules, 
and finally replacing all atoms of the form $F(x) = y$ by $P_F(x, y)$. Let $I$ be a 
$\Sigma$-structure and $I'$ be the $\Sigma'$-structure defined by $P^{I'} = P^I$ for each $P \in \Sigma \cap \Sigma'$ 
and $P_F^{I'} = \{(d, d') \mid F^I(d) = d'\}$ for each function symbol $F \in \Sigma$. Then $I$ is a model 
of $T$ iff $I'$ is a model of $T'$. Moreover, each model of $T'$ can be obtained from a 
model of $T$ in this manner. 

Fig. 1. The truth and precision order. According to the truth axis, we have, e.g., $\mathbf{f} <_t \mathbf{u}$; according 
to the precision axis, we have, e.g., $\mathbf{u} <_p \mathbf{f}$. 

Example 2.4. Applying the sketched transformation on a theory containing the 
sentence $\mathit{Selected}(C)$ produces a theory containing the sentences 

$$\exists y\; P_C(y);$$

$$\forall y_1\, \forall y_2\; (P_C(y_1) \land P_C(y_2) \Rightarrow y_1 = y_2);$$

$$\forall x\; (P_C(x) \Rightarrow \mathit{Selected}(x)).$$

2.2 Three- and Four-Valued Structures 

In this section we present three- and four-valued structures. In these structures it 
is possible to express partial and inconsistent information. 

2.2.1 Four-Valued Structures. Belnap [1977] introduced a four-valued logic with 
truth values true, false, unknown, and inconsistent which we denote by, respectively, 
$\mathbf{t}$, $\mathbf{f}$, $\mathbf{u}$ and $\mathbf{i}$. For a truth value $v$, the inverse value $v^{-1}$ is defined by $\mathbf{t}^{-1} = \mathbf{f}$, 
$\mathbf{f}^{-1} = \mathbf{t}$, $\mathbf{u}^{-1} = \mathbf{u}$ and $\mathbf{i}^{-1} = \mathbf{i}$. Belnap distinguished two orders, the truth order 
$<_t$ and the precision order $<_p$, also called knowledge order. They are defined in 
Figure 1. The reflexive closure of these orders is denoted by $\le_t$, respectively $\le_p$. 

Let $\Sigma$ be a (function-free) vocabulary. A four-valued $\Sigma$-structure $\tilde{I}$ consists of 
a domain $D$ and a function $P^{\tilde{I}} : D^n \to \{\mathbf{t}, \mathbf{f}, \mathbf{u}, \mathbf{i}\}$ for every $P/n \in \Sigma$. We say 
that a four-valued structure $\tilde{I}$ is three-valued when $P^{\tilde{I}}(d) \neq \mathbf{i}$ for any $P \in \Sigma$ and 
tuple of domain elements $d$. A structure $\tilde{I}$ is two-valued when it is three-valued 
and $P^{\tilde{I}}(d) \neq \mathbf{u}$ for every $P$ and $d$. We call a four-valued structure $\tilde{I}$ strictly three-valued 
if it is three-valued but not two-valued. Likewise, a structure is strictly 
four-valued if it is four-valued but not three-valued. A four-valued structure $\tilde{I}$ that 
is two-valued can be identified with the standard FO structure $I$ for which for every 
predicate symbol $P$ and tuple of domain elements $d$, $d \in P^I$ iff $P^{\tilde{I}}(d) = \mathbf{t}$. In the 
rest of the paper, when we refer to a structure $I$ (without tilde) we mean a two-valued 
structure, while $\tilde{I}$ means a four-valued structure (which possibly is three- or 
two-valued). 

The precision order extends to structures: if $\tilde{I}$ and $\tilde{J}$ are two $\Sigma$-structures, $\tilde{I} \le_p \tilde{J}$ 
if for every predicate symbol $P$ and tuple of domain elements $d$, $P^{\tilde{I}}(d) \le_p P^{\tilde{J}}(d)$. 
Similarly, the truth order is extended to structures. 

The most precise $\Sigma$-structure with domain $D$ is denoted by $\top^{\le_p}_{D,\Sigma}$ and assigns 
$P^{\top^{\le_p}_{D,\Sigma}}(d) = \mathbf{i}$ to every predicate symbol $P/n \in \Sigma$ and $d \in D^n$. Vice versa, the least 
precise structure $\bot^{\le_p}_{D,\Sigma}$ assigns $P^{\bot^{\le_p}_{D,\Sigma}}(d) = \mathbf{u}$. We omit $D$ and/or $\Sigma$ from $\bot^{\le_p}_{D,\Sigma}$ and 
$\top^{\le_p}_{D,\Sigma}$ if they are clear from the context. If a two-valued structure $I$ is more precise 
than a three-valued structure $\tilde{I}$, we say that $\tilde{I}$ approximates $I$. 

The size $|\tilde{I}|$ of a structure $\tilde{I}$ is defined as the cardinality of the domain of $\tilde{I}$. This 
definition is precise enough for the complexity results in this paper. 

A domain atom over a structure $\tilde{I}$ with domain $D$ is a pair of an $n$-tuple $d$ of 
domain elements and an $n$-ary predicate symbol. We denote such a domain atom 
by $P(d)$. For a truth value $v$ and domain atom $P(d)$, we denote by $\tilde{I}[P(d)/v]$ the 
structure that assigns $P^{\tilde{I}}(d) = v$ and corresponds to $\tilde{I}$ on the rest of the vocabulary. 

A domain literal is a domain atom $P(d)$ or the negation $\neg P(d)$ of a domain atom. 
By $\tilde{I}[\neg P(d)/v]$ we denote the structure $\tilde{I}[P(d)/v^{-1}]$. This notation is extended to 
sets of domain literals: if $U$ is the set $\{L_1, \ldots, L_n\}$ of domain literals, $\tilde{I}[U/v]$ denotes 
the structure $\tilde{I}[L_1/v] \cdots [L_n/v]$. 

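The value of a formula $\varphi$ in a four-valued structure $\tilde{I}$ with domain $D$ under 
variable assignment $\theta$ is defined by structural induction: 

- $\tilde{I}\theta(P(x)) = P^{\tilde{I}}(\theta(x))$; 

- $\tilde{I}\theta(\neg\varphi) = (\tilde{I}\theta(\varphi))^{-1}$; 

- $\tilde{I}\theta(\varphi \land \psi) = \mathrm{glb}_{\le_t}\{\tilde{I}\theta(\varphi), \tilde{I}\theta(\psi)\}$; 

- $\tilde{I}\theta(\varphi \lor \psi) = \mathrm{lub}_{\le_t}\{\tilde{I}\theta(\varphi), \tilde{I}\theta(\psi)\}$; 

- $\tilde{I}\theta(\forall x\, \varphi) = \mathrm{glb}_{\le_t}\{\tilde{I}\theta[x/d](\varphi) \mid d \in D\}$; 

- $\tilde{I}\theta(\exists x\, \varphi) = \mathrm{lub}_{\le_t}\{\tilde{I}\theta[x/d](\varphi) \mid d \in D\}$. 

When $\tilde{I}$ is a three-valued structure, this corresponds to the standard Kleene [1952] 
semantics. 

If $\tilde{I}$ is three-valued, then $\tilde{I}\theta(\varphi) \neq \mathbf{i}$ for every formula $\varphi$ and variable assignment 
$\theta$. If $\tilde{I}$ is two-valued, then $\tilde{I}\theta(\varphi) \in \{\mathbf{t}, \mathbf{f}\}$. Also, if $\tilde{I}$ is two-valued, then $\tilde{I}\theta(\varphi) = \mathbf{t}$ iff 
$I\theta \models \varphi$. We omit $\theta$ and/or $[x/d]$ from an expression of the form $\tilde{I}\theta[x/d](\varphi)$ when 
they are irrelevant. 

If $\varphi$ is a formula and $\tilde{I}$ and $\tilde{J}$ are two structures such that $\tilde{I} \le_p \tilde{J}$, then also 
$\tilde{I}\theta(\varphi) \le_p \tilde{J}\theta(\varphi)$ for every $\theta$. If $\varphi$ is a formula that does not contain negations and 
$\tilde{I} \le_t \tilde{J}$, then also $\tilde{I}\theta(\varphi) \le_t \tilde{J}\theta(\varphi)$ for every $\theta$. 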

Four-valued structures can be defined over vocabularies containing function symbols. 
For each such a structure $\tilde{I}$, there exists a structure $\tilde{I}'$ over a function-free 
vocabulary such that there is a one-to-one correspondence between the two-valued 
structures approximated by $\tilde{I}$ and the two-valued structures approximated by $\tilde{I}'$. 
In combination with Proposition 2.3, this allows to apply all results in the rest of 
this paper in a context where function symbols are present. We refer the reader 
to [Wittocx 2010] for details. 

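2.2.2 Encoding Four-Valued Structures by Two-Valued Structures. A standard 
way to encode a four-valued structure $\tilde{I}$ over a vocabulary $\Sigma$ is by a two-valued 
structure $\mathrm{tf}(\tilde{I})$ over a vocabulary $\mathrm{tf}(\Sigma)$ containing two symbols $P_{ct}$ and $P_{cf}$ for each 
symbol $P \in \Sigma$. The interpretation of $P_{ct}$, respectively $P_{cf}$, in $\mathrm{tf}(\tilde{I})$ represents what 
is certainly true, respectively certainly false, in $P^{\tilde{I}}$. Formally, for a vocabulary $\Sigma$ 
and $\Sigma$-structure $\tilde{I}$, $\mathrm{tf}(\Sigma)$ denotes the vocabulary $\{P_{ct}/n \mid P/n \in \Sigma\} \cup \{P_{cf}/n \mid 
P/n \in \Sigma\}$ and the $\mathrm{tf}(\Sigma)$-structure $\mathrm{tf}(\tilde{I})$ is defined by $P_{ct}^{\mathrm{tf}(\tilde{I})} = \{d \mid P^{\tilde{I}}(d) \ge_p \mathbf{t}\}$ and 
$P_{cf}^{\mathrm{tf}(\tilde{I})} = \{d \mid P^{\tilde{I}}(d) \ge_p \mathbf{f}\}$ for every $P \in \Sigma$. 

Observe that $\tilde{I}$ is three-valued iff $P_{ct}^{\mathrm{tf}(\tilde{I})}$ and $P_{cf}^{\mathrm{tf}(\tilde{I})}$ are disjoint for any $P \in \Sigma$; $\tilde{I}$ 
is two-valued iff for every $P/n \in \Sigma$, $P_{ct}^{\mathrm{tf}(\tilde{I})}$ and $P_{cf}^{\mathrm{tf}(\tilde{I})}$ are each other's complement 
in $D^n$. Also, if $\tilde{I} \le_p \tilde{J}$, then $P_{ct}^{\mathrm{tf}(\tilde{I})} \subseteq P_{ct}^{\mathrm{tf}(\tilde{J})}$ and $P_{cf}^{\mathrm{tf}(\tilde{I})} \subseteq P_{cf}^{\mathrm{tf}(\tilde{J})}$. Therefore $\tilde{I} \le_p \tilde{J}$ 
iff $\mathrm{tf}(\tilde{I}) \le_t \mathrm{tf}(\tilde{J})$. 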

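The value of a formula $\varphi$ in a structure $\tilde{I}$ can be obtained by computing the value 
of two formulas over $\mathrm{tf}(\Sigma)$ in $\mathrm{tf}(\tilde{I})$. Define for a formula $\varphi$ over $\Sigma$ the formulas $\varphi_{ct}$ 
and $\varphi_{cf}$ over $\mathrm{tf}(\Sigma)$ by simultaneous induction: 

- $(P(x))_{ct} = P_{ct}(x)$ and $(P(x))_{cf} = P_{cf}(x)$; 

- $(\neg\varphi)_{ct} = \varphi_{cf}$ and $(\neg\varphi)_{cf} = \varphi_{ct}$; 

- $(\varphi \land \psi)_{ct} = \varphi_{ct} \land \psi_{ct}$ and $(\varphi \land \psi)_{cf} = \varphi_{cf} \lor \psi_{cf}$; 

- $(\varphi \lor \psi)_{ct} = \varphi_{ct} \lor \psi_{ct}$ and $(\varphi \lor \psi)_{cf} = \varphi_{cf} \land \psi_{cf}$; 

- $(\forall x\, \varphi)_{ct} = \forall x\, \varphi_{ct}$ and $(\forall x\, \varphi)_{cf} = \exists x\, \varphi_{cf}$; 

- $(\exists x\, \varphi)_{ct} = \exists x\, \varphi_{ct}$ and $(\exists x\, \varphi)_{cf} = \forall x\, \varphi_{cf}$. 

The intuition is that $\varphi_{ct}$ denotes a formula that is true iff $\varphi$ is certainly true while $\varphi_{cf}$ 
is a formula that is true iff $\varphi$ is certainly false. This explains, e.g., the definition 
$(\neg\varphi)_{ct} = \varphi_{cf}$: $\neg\varphi$ is certainly true iff $\varphi$ is certainly false. As another example, 
$(\varphi \land \psi)_{cf} = \varphi_{cf} \lor \psi_{cf}$ states that $(\varphi \land \psi)$ is certainly false if $\varphi$ or $\psi$ is certainly false. 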

For a pair of formulas $(\varphi_1, \varphi_2)$, a structure $I$ and variable assignment $\theta$, we denote 
the pair of truth values $(I\theta(\varphi_1), I\theta(\varphi_2))$ by $I\theta(\varphi_1, \varphi_2)$. We identify the pairs $(\mathbf{t}, \mathbf{f})$, 
$(\mathbf{f}, \mathbf{t})$, $(\mathbf{f}, \mathbf{f})$ and $(\mathbf{t}, \mathbf{t})$ with, respectively, the truth values $\mathbf{t}$, $\mathbf{f}$, $\mathbf{u}$ and $\mathbf{i}$. Intuitively, 
the first value in the pairs states whether something is certainly true, the second 
value whether it is certainly false. It follows that, e.g., $(\mathbf{t}, \mathbf{f})$ corresponds to saying 
that something is certainly true and not certainly false and therefore identifies with 
$\mathbf{t}$. Using these equalities, the next proposition expresses that the value of a formula 
in a four-valued structure $\tilde{I}$ can be computed by evaluating $\varphi_{ct}$ and $\varphi_{cf}$ in the 
two-valued structure $\mathrm{tf}(\tilde{I})$. 

Proposition 2.5 [Feferman 1984]. For every formula $\varphi$, structure $\tilde{I}$, and 
variable assignment $\theta$, $\tilde{I}\theta(\varphi) = \mathrm{tf}(\tilde{I})\theta(\varphi_{ct}, \varphi_{cf})$. 
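
The evaluation rules of Section 2.2.1 and the ct/cf encoding of Proposition 2.5, as an added Python example (not code from the paper). Formulas are nested tuples, truth values are pairs (certainly true, certainly false), the two-element domain and its structure are constructed for illustration, and all function names are assumptions of this example.

```python
from itertools import product

# Truth values as pairs (certainly true, certainly false), the identification
# made just before Proposition 2.5: t=(1,0), f=(0,1), u=(0,0), i=(1,1).
T, F, U, I = (True, False), (False, True), (False, False), (True, True)

def glb_t(vals):
    """Greatest lower bound in the truth order (f lowest, t highest)."""
    return (all(v[0] for v in vals), any(v[1] for v in vals))

def lub_t(vals):
    """Least upper bound in the truth order."""
    return (any(v[0] for v in vals), all(v[1] for v in vals))

def value(phi, struct, dom, theta=None):
    """Four-valued value of phi; struct maps predicate -> {tuple: truth value}."""
    theta = theta or {}
    op = phi[0]
    if op == "atom":
        return struct[phi[1]][tuple(theta[x] for x in phi[2])]
    if op == "not":
        ct, cf = value(phi[1], struct, dom, theta)
        return (cf, ct)                  # inverse value: t <-> f, u and i fixed
    if op in ("and", "or"):
        parts = [value(p, struct, dom, theta) for p in phi[1:]]
    else:                                # "forall" / "exists"
        parts = [value(phi[2], struct, dom, {**theta, phi[1]: d}) for d in dom]
    return glb_t(parts) if op in ("and", "forall") else lub_t(parts)

DUAL = {"and": "or", "or": "and", "forall": "exists", "exists": "forall"}

def tr(phi, side):
    """phi_ct (side="ct") or phi_cf (side="cf") over the vocabulary tf(Sigma)."""
    op = phi[0]
    if op == "atom":
        return ("atom", f"{phi[1]}_{side}", phi[2])
    if op == "not":
        return tr(phi[1], "cf" if side == "ct" else "ct")
    new_op = op if side == "ct" else DUAL[op]
    if op in ("and", "or"):
        return (new_op,) + tuple(tr(p, side) for p in phi[1:])
    return (new_op, phi[1], tr(phi[2], side))

def tf(struct):
    """Two-valued encoding: P_ct holds where P >=_p t, P_cf where P >=_p f."""
    enc = {}
    for pred, table in struct.items():
        enc[pred + "_ct"] = {d for d, v in table.items() if v[0]}
        enc[pred + "_cf"] = {d for d, v in table.items() if v[1]}
    return enc

def holds(phi, rel, dom, theta=None):
    """Two-valued truth of a formula built from atoms, and/or and quantifiers."""
    theta = theta or {}
    op = phi[0]
    if op == "atom":
        return tuple(theta[x] for x in phi[2]) in rel[phi[1]]
    if op in ("and", "or"):
        parts = [holds(p, rel, dom, theta) for p in phi[1:]]
    else:
        parts = [holds(phi[2], rel, dom, {**theta, phi[1]: d}) for d in dom]
    return all(parts) if op in ("and", "forall") else any(parts)

def encoded_value(phi, struct, dom):
    """Right-hand side of Proposition 2.5: (phi_ct, phi_cf) evaluated in tf(I)."""
    enc = tf(struct)
    return (holds(tr(phi, "ct"), enc, dom), holds(tr(phi, "cf"), enc, dom))

def atom(pred, *args):
    return ("atom", pred, args)

# Sentence (3) of the introduction, with => unfolded to (not A) or B.
SENTENCE_3 = ("forall", "c", ("or",
    ("not", ("and", atom("Course", "c"),
             ("exists", "m", ("and", atom("Module", "m"),
                              atom("Selected", "m"), atom("In", "c", "m"))))),
    atom("Selected", "c")))

DOM = ["m1", "c1"]                       # constructed two-element domain

def total(arity, true_tuples):
    """Two-valued interpretation: t on true_tuples, f elsewhere."""
    return {d: (T if d in true_tuples else F) for d in product(DOM, repeat=arity)}

FIXED = {"Course": total(1, {("c1",)}), "Module": total(1, {("m1",)}),
         "In": total(2, {("c1", "m1")})}

def with_selected(m1, c1):
    return {**FIXED, "Selected": {("m1",): m1, ("c1",): c1}}

def agrees_everywhere(phi):
    """Check Proposition 2.5 for all 16 four-valued interpretations of Selected."""
    pairs = product((T, F, U, I), repeat=2)
    return all(value(phi, s, DOM) == encoded_value(phi, s, DOM)
               for s in (with_selected(a, b) for a, b in pairs))

if __name__ == "__main__":
    print("m1 selected, c1 unknown:", value(SENTENCE_3, with_selected(T, U), DOM))
    print("direct and encoded values agree:", agrees_everywhere(SENTENCE_3))
```
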

It follows from Proposition 2.5 and from the fact that it can be decided in polynomial 
time in $|I|$ whether a finite two-valued structure $I$ satisfies a formula, that 
$\tilde{I}\theta(\varphi)$ can be computed in polynomial time in $|\tilde{I}|$ for any finite four-valued structure 
$\tilde{I}$. Another interesting property of the formulas $\varphi_{ct}$ and $\varphi_{cf}$ is stated in the 
following proposition. 

Proposition 2.6. For every formula $\varphi$, neither $\varphi_{ct}$ nor $\varphi_{cf}$ contain a 

2.3 Constraint Programming 

We now recall some definitions from Constraint Programming (CP). Let $S$ be a sequence 
$(v_1, \ldots, v_n)$ of variables. A constraint on $S$ is a set of $n$-tuples. A constraint 
satisfaction problem (CSP) is a tuple $(\mathcal{C}, V, \mathit{dom})$ of a set $V$ of variables, a mapping 
$\mathit{dom}$ of variables in $V$ to domains, and a set $\mathcal{C}$ of constraints on finite sequences of 
variables from $V$. A solution to $(\mathcal{C}, V, \mathit{dom})$ is a function $d$, mapping each variable $v$ 
of $V$ to a value $d(v) \in \mathit{dom}(v)$ such that $(d(v_1), \ldots, d(v_n)) \in C$ for each constraint 
$C \in \mathcal{C}$ on sequence $(v_1, \ldots, v_n)$. Two CSPs sharing the same variables are called 
equivalent if they have the same solutions. 

A propagator (also called a constraint solver) is a function mapping CSPs to 
equivalent CSPs. A propagator is called domain reducing if it retains the constraints 
of a CSP and does not increase its domains. That is, if propagator $O$ is domain 
reducing and $O((\mathcal{C}_1, V, \mathit{dom}_1)) = (\mathcal{C}_2, V, \mathit{dom}_2)$, then $\mathcal{C}_2 = \mathcal{C}_1$ and for every $v \in V$, 
$\mathit{dom}_2(v) \subseteq \mathit{dom}_1(v)$. In this paper, we only consider domain reducing propagators. 

We refer to the book of Apt [2003] for a comprehensive introduction to CP. To 
avoid confusion between variables in the context of FO and variables of a CSP, we 
call the latter constraint variables in the rest of this paper.¹ 

3. CONSTRAINT PROPAGATION FOR LOGIC THEORIES 

In this section, we transfer some terminology and well-known results from CP to 
(first-order) logic theories. We rely on the property that for every pair of a finite 
structure $\tilde{I}$ and a theory $T$, there exists a CSP V such that there is a one-to-one 
correspondence between the models of $T$ approximated by $\tilde{I}$ and the solutions of 
V.² 

3.1 From a Model Generation Problem to a CSP 

For the rest of this section, let $T$ be a logic theory over vocabulary $\Sigma$ and $\tilde{I}$ a 
four-valued $\Sigma$-structure with domain $D$. If $\tilde{I}$ is finite, then the pair $(T, \tilde{I})$ has a 
corresponding CSP which is denoted by $(\mathcal{C}_T, V_{\tilde{I}}, \mathit{dom}_{\tilde{I}})$ and defined as follows. The 
set of constraint variables $V_{\tilde{I}}$ is defined as the set of all domain atoms over $\Sigma$ and 
$D$. We assume a fixed total order on $V_{\tilde{I}}$ and call the $i$th element in that order 
the $i$th domain atom. The domain $\mathit{dom}_{\tilde{I}}(P(d))$ associated to domain atom $P(d)$ is 
defined by 

$$\mathit{dom}_{\tilde{I}}(P(d)) = \begin{cases} \{\mathbf{t}, \mathbf{f}\} & \text{if } P^{\tilde{I}}(d) = \mathbf{u}, \\ \{\mathbf{t}\} & \text{if } P^{\tilde{I}}(d) = \mathbf{t}, \\ \{\mathbf{f}\} & \text{if } P^{\tilde{I}}(d) = \mathbf{f}, \\ \emptyset & \text{if } P^{\tilde{I}}(d) = \mathbf{i}. \end{cases}$$

Given a tuple $v \in \{\mathbf{t}, \mathbf{f}\}^{|V_{\tilde{I}}|}$, $I_v$ denotes the $\Sigma$-structure with domain $D$ such that 
for every $P$ and $d$, $d \in P^{I_v}$ iff $P(d)$ is the $i$th domain atom and the $i$th truth value 
in $v$ is $\mathbf{t}$. Finally, $\mathcal{C}_T$ is the singleton set containing the constraint that consists of 
the set of tuples $v \in \{\mathbf{t}, \mathbf{f}\}^{|V_{\tilde{I}}|}$ such that $I_v \models T$. It follows immediately that $v$ is a 
solution to $(\mathcal{C}_T, V_{\tilde{I}}, \mathit{dom}_{\tilde{I}})$ iff $I_v \models T$ and $\tilde{I} \le_p I_v$. 

¹ In fact, constraint variables correspond to 0-ary function symbols, i.e., constant symbols, in the 
context of FO. 

² The inverse property also holds: for each finite CSP $(\mathcal{C}, V, \mathit{dom})$, there exists a first-order logic 
theory $T$ and finite structure $\tilde{I}$ such that there is a one-to-one correspondence between the solutions 
of the CSP and the models of $T$ approximated by $\tilde{I}$. The theory $T$ and structure $\tilde{I}$ can be 
constructed by introducing a constant $c_v$ for every $v \in V$ and a predicate $P_C$ for every $C \in \mathcal{C}$. 
Theory $T$ is then defined by $\{P_C(c_{v_1}, \ldots, c_{v_n}) \mid C \in \mathcal{C} \text{ is a constraint on } (v_1, \ldots, v_n)\}$, while $\tilde{I}$ 
assigns $C$ to $P_C$ and allows each $c_v$ to take a value in $\mathit{dom}(v)$ [Wittocx 2010, page 97]. 

3.2 Propagators 

A structure $\tilde{I}$ can be seen as approximating some models of $T$, namely all two-valued 
structures $M$ such that $\tilde{I} \le_p M$ and $M \models T$. The goal of constraint 
propagation for $T$ is then to find a better approximation of these models, i.e., one 
that is more precise than $\tilde{I}$. We call an operator $O$ on the class of four-valued $\Sigma$-structures 
a propagator for $T$ if it performs constraint propagation for $T$. Formally, 
$O$ is a propagator for $T$ if the following two conditions are met: 

(1) $O$ is inflationary with respect to $\le_p$. That is, $\tilde{I} \le_p O(\tilde{I})$ for every structure $\tilde{I}$. 

(2) For every model $M$ of $T$ such that $\tilde{I} \le_p M$, also $O(\tilde{I}) \le_p M$. 

The first condition states that by applying an operator no information is lost. The 
second condition states that no models of $T$ approximated by $\tilde{I}$ are lost. Note that 
for a propagator $O$ it follows from the definition above that $\tilde{I}$ and $O(\tilde{I})$ must have 
the same domain. 

The following proposition relates the definition of a propagator for $T$ to the definition 
of propagator in the context of CP. The proof of the proposition is straightforward. 

Proposition 3.1. Let $O$ be a propagator for $T$, $D$ a finite set, and $C$ be the class 
of CSPs of the form $(\mathcal{C}_T, V_{\tilde{I}}, \mathit{dom}_{\tilde{I}})$, where $\tilde{I}$ has domain $D$. Then the operator 
$f$ on $C$ defined by $f((\mathcal{C}_T, V_{\tilde{I}}, \mathit{dom}_{\tilde{I}})) = (\mathcal{C}_T, V_{\tilde{I}}, \mathit{dom}_{O(\tilde{I})})$ is a domain reducing 
propagator. 

A propagator $O$ is called monotone if for every two structures $\tilde{I}$ and $\tilde{J}$ such that 
$\tilde{I} \le_p \tilde{J}$, also $O(\tilde{I}) \le_p O(\tilde{J})$ holds. An example of a monotone propagator is the 
inconsistency propagator INCO, defined by 

$$\mathrm{INCO}(\tilde{I}) = \begin{cases} \tilde{I} & \text{if } \tilde{I} \text{ is three-valued,} \\ \top^{\le_p} & \text{otherwise.} \end{cases}$$

A propagator $O$ for $T$ is inducing for $T$ if for every two-valued structure $I$ such 
that $I \not\models T$, $O(I)$ is strictly four-valued, i.e., it recognizes that $I$ is not a model and 
assigns $\mathbf{i}$ to at least one domain element. 

Note that the composition of two propagators is a propagator itself. 

Lemma 3.2. If $T_1$ and $T_2$ are theories over the same vocabulary, $O_1$ is a propagator 
for $T_1$ and $O_2$ a propagator for $T_2$, then $O_1 \circ O_2$ is a propagator for $T_1 \cup T_2$. 
It is easy to check that the composition of two monotone propagators is a monotone 
propagator. Also, if $O_1$ is inducing for $T_1$ and $O_2$ is inducing for $T_2$, then $O_1 \circ O_2$ 
is inducing for $T_1 \cup T_2$. 

From the definition of propagator, it follows that two logically equivalent theories 
have the same propagators. For $\Sigma$-equivalent theories, we have the following 
property. 

Proposition 3.3. Let $\Sigma$ and $\Sigma'$ be two vocabularies such that $\Sigma \subseteq \Sigma'$ and let $T$ 
and $T'$ be $\Sigma$-equivalent theories over $\Sigma$, respectively $\Sigma'$. Let $O'$ be an operator on $\Sigma'$-structures 
and define the operator $O$ on $\Sigma$-structures by $O(\tilde{I}) = O'(\tilde{I} + \bot^{\le_p}_{\Sigma' \setminus \Sigma})|_{\Sigma}$ 
for any $\Sigma$-structure $\tilde{I}$. If $O'$ is a propagator for $T'$, then $O$ is a propagator for $T$. 
If $O'$ is monotone, then $O$ is monotone as well. 

3.3 Refinement Sequences 

If $V$ is a set of propagators for $T$, Lemma 3.2 ensures that constraint propagation 
for $T$ can be performed by starting from $\tilde{I}$ and successively applying propagators 
from $V$. We then get a sequence of increasingly precise four-valued structures. If 
such a sequence is strictly increasing in precision, we call it a $V$-refinement sequence 
from $\tilde{I}$. 

Definition 3.4. Let $V$ be a set of propagators for $T$. We call a (possibly transfinite) 
sequence $(\tilde{J}_\xi)_{0 \le \xi < \alpha}$ of four-valued structures a $V$-refinement sequence from $\tilde{I}$ 
if 

- $\tilde{J}_0 = \tilde{I}$, 

- $\tilde{J}_{\xi+1} = O(\tilde{J}_\xi)$ for some $O \in V$, 

- $\tilde{J}_\xi <_p \tilde{J}_{\xi+1}$ for every $0 \le \xi < \alpha$, 

- and $\tilde{J}_\lambda = \mathrm{lub}_{\le_p}(\{\tilde{J}_\xi \mid \xi < \lambda\})$ for every limit ordinal $\lambda < \alpha$. 

In the CP literature, refinement sequences are sometimes called derivations, and 
constructing a derivation is called constraint propagation. Since refinement sequences 
are strictly increasing in precision, it follows that every refinement sequence 
from a finite structure $\tilde{I}$ is finite. Moreover: 

Proposition 3.5. For any fixed set of propagators $V$, the length of a $V$-refinement 
sequence from a finite structure $\tilde{I}$ is polynomial in $|\tilde{I}|$. 

A refinement sequence is stabilizing if it cannot be extended anymore. The last 
structure in a stabilizing refinement sequence is called the limit of the sequence. A 
well-known result (see, e.g., Lemma 7.8 in [Apt 2003]) states: 

Proposition 3.6. Let $V$ be a set of monotone propagators for $T$ and let $\tilde{I}$ be a 
structure. Then every stabilizing $V$-refinement sequence from $\tilde{I}$ has the same limit. 

If $V$ only contains monotone propagators, we denote by $\lim_V$ the operator that 
maps every finite structure $\tilde{I}$ to the unique limit of any stabilizing $V$-refinement sequence 
from $\tilde{I}$. From Lemma 3.2 it follows that $\lim_V$ is a propagator. 

Besides monotonicity, other properties of propagators, e.g., idempotence, may be 
taken into account by algorithms to efficiently construct refinement sequences. Apt 
[1999a] provides a general overview of such properties and algorithms. 
3.4 Complete Propagators 

The complete propagator for a theory $T$ is the propagator that yields the most 
precise structures. This propagator is denoted by $\mathcal{O}^T$ and defined by 

$$\mathcal{O}^T(\tilde{I}) = \mathrm{glb}_{\le_p}(\{M \mid \tilde{I} \le_p M \text{ and } M \models T\}).$$

The following properties hold for $\mathcal{O}^T$: 

Proposition 3.7. For every theory $T$, $\mathcal{O}^T$ is a monotone propagator. 

Proposition 3.8. Let $O$ be a propagator for $T$ and $\tilde{I}$ a structure. Then $O(\tilde{I}) \le_p 
\mathcal{O}^T(\tilde{I})$. That is, $\mathcal{O}^T$ is the most precise propagator. 

Example 3.9. Let $\Sigma = \{\mathit{Module}/1, \mathit{Selected}/1, \mathit{In}/2, \mathit{MutExcl}/2\}$ and let $\tilde{I}_0$ be 
the $\Sigma$-structure with domain $\{m_1, m_2, c_1, c_2, c_3, c_4\}$ that is two-valued on all symbols 
except $\mathit{Selected}$, and that is given by 

$$\mathit{Module}^{\tilde{I}_0} = \{m_1, m_2\}, \qquad \mathit{MutExcl}^{\tilde{I}_0} = \{(c_1, c_2)\},$$

$$\mathit{Selected}_{ct}^{\mathrm{tf}(\tilde{I}_0)} = \{c_1\}, \qquad \mathit{Selected}_{cf}^{\mathrm{tf}(\tilde{I}_0)} = \emptyset,$$

$$\mathit{In}^{\tilde{I}_0} = \{(c_1, m_1), (c_3, m_1), (c_2, m_2)\}.$$

This structure expresses that course $c_1$ is certainly selected, while it is unknown 
whether other modules or courses are selected. Let $T_1$ be the theory that consists 
of the sentences (1)-(3) from the introduction. Then structure $\mathcal{O}^{T_1}(\tilde{I}_0)$ assigns 
$\mathit{Selected}_{ct}^{\mathrm{tf}(\mathcal{O}^{T_1}(\tilde{I}_0))} = \{m_1, c_1, c_3\}$ and $\mathit{Selected}_{cf}^{\mathrm{tf}(\mathcal{O}^{T_1}(\tilde{I}_0))} = \{m_2, c_2\}$. Indeed, because 
$c_1$ is selected according to $\tilde{I}_0$, we can derive from (1) that $c_2$ cannot be 
selected. Next, (3) implies that module $m_2$ cannot be selected. It then follows 
from (2) that $m_1$ must be selected. This implies in turn that $c_3$ must be selected. 
No information about $c_4$ can be derived since both $\mathcal{O}^{T_1}(\tilde{I}_0)[\mathit{Selected}(c_4)/\mathbf{t}]$ and 
$\mathcal{O}^{T_1}(\tilde{I}_0)[\mathit{Selected}(c_4)/\mathbf{f}]$ are models of $T_1$. 

Observe that if $T$ has no models approximated by $\tilde{I}$, then $\mathcal{O}^T(\tilde{I}) = \top^{\le_p}$. Note 
that this is the case if $\tilde{I}$ is strictly four-valued. Therefore, the problem of deciding 
whether a given domain atom is inconsistent in $\mathcal{O}^T(\tilde{I})$ is at least as hard as deciding 
whether $T$ has a model approximated by $\tilde{I}$. If $T$ is an FO theory, the latter problem 
is intractable: for a fixed $T$ and varying finite structures $\tilde{I}$ it is NP-complete [Fagin 
1974], for infinite structures $\tilde{I}$, it is undecidable. Consequently, computing $\mathcal{O}^T(\tilde{I})$ 
for a fixed FO theory $T$ and varying finite structures $\tilde{I}$ is intractable. 

Similarly as for theories, we associate to each sentence $\varphi$ the monotone propagator 
$\mathcal{O}^\varphi$, which maps a structure $\tilde{I}$ to the most precise approximation of $\varphi$ from $\tilde{I}$. That 
is, 

$$\mathcal{O}^\varphi(\tilde{I}) = \mathrm{glb}_{\le_p}(\{M \mid \tilde{I} \le_p M \text{ and } M \models \varphi\}).$$

Observe that for any sentence $\varphi$ implied by $T$, $\mathcal{O}^T(\tilde{I})$ is more precise than $\mathcal{O}^\varphi(\tilde{I})$, 
since 

$$\{J \mid \tilde{I} \le_p J \text{ and } J \models T\} \subseteq \{J \mid \tilde{I} \le_p J \text{ and } J \models \varphi\}.$$

As such, we obtain the following proposition. 

ACM Transactions on Computational Logic, Vol. V, No. N, June 2011. 



12 • J. Wittocx, M. Denecker and M. Bruynooghe 



Proposition 3.10. If $T \models \varphi$, then $\mathcal{O}^{\varphi}$ is a monotone propagator for $T$.

In particular, if $\varphi \in T$, then $\mathcal{O}^{\varphi}$ is a monotone propagator for $T$.

From Proposition 3.6 and Proposition 3.10 it follows that every stabilizing $\{\mathcal{O}^{\varphi} \mid \varphi \in T\}$-refinement sequence from finite structure $I$ has the same limit. We denote the propagator $\lim_{\{\mathcal{O}^{\varphi} \mid \varphi \in T\}}$ by $\mathcal{L}^T$. We call a $\{\mathcal{O}^{\varphi} \mid \varphi \in T\}$-refinement sequence also a $T$-refinement sequence.

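Example 3.11. Let $I_0$ and $T_1$ be as in Example 3.9. Let $(I_i)_{0 \leq i \leq 4}$ be the $T_1$-refinement sequence from $I_0$ obtained by applying (in this order) the propagators $\mathcal{O}^{(1)}$, $\mathcal{O}^{(3)}$, $\mathcal{O}^{(2)}$ and $\mathcal{O}^{(3)}$. A reasoning similar to the one we made in Example 3.9 shows that $c_2 \in \mathit{Selected}_{cf}^{\mathrm{tf}(I_1)}$, $m_2 \in \mathit{Selected}_{cf}^{\mathrm{tf}(I_2)}$, $m_1 \in \mathit{Selected}_{ct}^{\mathrm{tf}(I_3)}$ and $c_3 \in \mathit{Selected}_{ct}^{\mathrm{tf}(I_4)}$. Hence, $I_4 = \mathcal{O}^{T_1}(I_0)$, the refinement sequence is stabilizing and $\mathcal{L}^{T_1}(I_0) = \mathcal{O}^{T_1}(I_0)$.

Example 3.12. Let $T$ be the theory $\{P \Leftrightarrow Q, P \Leftrightarrow \neg Q\}$. Then $\mathcal{O}^T(\bot^{\leq_p}) = \top^{\leq_p}$ and $\mathcal{L}^T(\bot^{\leq_p}) = \bot^{\leq_p}$.

As Example 3.12 shows, it is not necessarily the case that $\mathcal{L}^T(I) = \mathcal{O}^T(I)$. In general, only $\mathcal{L}^T(I) \leq_p \mathcal{O}^T(I)$ holds. Note that $\mathcal{L}^T(I) = \mathcal{O}^T(I)$ holds if $T$ contains precisely one sentence.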

4. POLYNOMIAL PROPAGATION FOR FIRST-ORDER LOGIC 

In the previous section, we introduced the idea of refining a four-valued structure $I$ by propagation. In this section, we introduce a constraint propagation method for FO theories $T$ that is computationally less expensive than applying $\mathcal{O}^T$ or computing a (stabilizing) $T$-refinement sequence. The method we propose is based on implicational normal form propagators (INF propagators). These propagators have several interesting properties. First, they are monotone, ensuring that stabilizing refinement sequences constructed using only INF propagators have a unique limit. Secondly, INF propagators have polynomial-time data complexity and therefore stabilizing refinement sequences using only INF propagators can be computed in polynomial time. Thirdly, such a refinement sequence can be represented by a set of positive, i.e., negation-free, rules, which makes it possible to use, e.g., logic programming systems to compute the result of propagation. Finally, INF propagators can be applied in a symbolic way, i.e., independent of a four-valued input structure.

4.1 Implicational Normal Form Propagators 

INF propagators are associated to FO sentences in implicational normal form. 

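Definition 4.1. An FO sentence is in implicational normal form (INF) if it is of the form $\forall \overline{x}\, (\psi \Rightarrow L[\overline{x}])$, where $\psi$ is an arbitrary formula with free variables among $\overline{x}$ and $L$ a literal with free variables $\overline{x}$.

For an INF sentence $\forall \overline{x}\, (\psi \Rightarrow L[\overline{x}])$, the associated INF propagator computes the value of $\psi$ in the given structure. If this value is $\mathbf{t}$ or $\mathbf{i}$, the literal $L[\overline{x}]$ is made true (or inconsistent if it was false or inconsistent in the given structure). This is formalized in the following definition.

Definition 4.2. The operator $\mathcal{I}^{\varphi}$ associated to the sentence $\varphi := \forall \overline{x}\, (\psi \Rightarrow P(\overline{x}))$ is defined by

$$Q^{\mathcal{I}^{\varphi}(I)}(d_x) = \begin{cases} \mathrm{lub}_{\leq_p}\{\mathbf{t}, P^{I}(d_x)\} & \text{if } Q = P \text{ and } I[\overline{x}/d_x](\psi) \geq_p \mathbf{t} \\ Q^{I}(d_x) & \text{otherwise} \end{cases}$$

The operator $\mathcal{I}^{\varphi}$ associated to the sentence $\varphi := \forall \overline{x}\, (\psi \Rightarrow \neg P(\overline{x}))$ is defined by

$$Q^{\mathcal{I}^{\varphi}(I)}(d_x) = \begin{cases} \mathrm{lub}_{\leq_p}\{\mathbf{f}, P^{I}(d_x)\} & \text{if } Q = P \text{ and } I[\overline{x}/d_x](\psi) \geq_p \mathbf{t} \\ Q^{I}(d_x) & \text{otherwise} \end{cases}$$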



Example 4.3. Sentence (3) of the introduction is an INF sentence. Let $I$ be a structure such that $\mathit{Course}^{I}(c_1)$, $\mathit{Module}^{I}(m_1)$, $\mathit{Selected}^{I}(m_1)$, and $\mathit{In}^{I}(c_1, m_1)$ are true. Then according to the definition of $\mathcal{I}^{(3)}$, $\mathit{Selected}^{\mathcal{I}^{(3)}(I)}(c_1) \geq_p \mathbf{t}$. That is, if module $m_1$ is certainly selected and course $c_1$ certainly belongs to $m_1$, then the operator $\mathcal{I}^{(3)}$ associated to sentence (3) derives that $c_1$ is certainly selected. Note that this operator does not perform contrapositive propagation. For instance, if $m_2$ is a module, $c_2$ a course, $\mathit{In}^{I}(c_2, m_2) = \mathbf{t}$ and $\mathit{Selected}^{I}(c_2) = \mathbf{f}$, the operator does not derive that $m_2$ is certainly not selected.

Proposition 4.4. For every INF sentence $\varphi$, $\mathcal{I}^{\varphi}$ is a monotone propagator.

As mentioned in Section 2.2.2, evaluating a formula in a finite four-valued structure $I$ takes polynomial time in $|I|$. It follows that for a fixed INF sentence $\varphi$ and finite structure $I$, computing $\mathcal{I}^{\varphi}(I)$ takes polynomial time in $|I|$. If we combine this result with Proposition 3.5, we obtain the following theorem.

Theorem 4.5. Let $V$ be a fixed finite set of INF sentences. Then $\lim_{\{\mathcal{I}^{\varphi} \mid \varphi \in V\}}(I)$ is computable in polynomial time in $|I|$ for every finite structure $I$.

Proof. Let $\varphi_1, \ldots, \varphi_n$ be all sentences in $V$. Let $(J_i)_{0 \leq i \leq m}$ be the longest sequence of structures such that $J_0 = I$ and $J_{i+1} = \mathcal{I}^{\varphi_k}(J_i)$, where $k$ is the lowest number between 1 and $n$ such that $J_i \neq \mathcal{I}^{\varphi_k}(J_i)$. Clearly, $(J_i)_{0 \leq i \leq m}$ is a stabilizing $\{\mathcal{I}^{\varphi} \mid \varphi \in V\}$-refinement sequence from $I$. Proposition 3.5 implies that the length of this sequence is polynomial in $|I|$. Also, for each $i \geq 0$, $J_{i+1}$ can be computed in polynomial time in $|I|$: it suffices to compute $\mathcal{I}^{\varphi_1}(J_i), \ldots, \mathcal{I}^{\varphi_n}(J_i)$, and each $\mathcal{I}^{\varphi_k}(J_i)$, $1 \leq k \leq n$, can be computed in polynomial time in $|J_i| = |I|$. Hence $(J_i)_{0 \leq i \leq m}$ can be computed in polynomial time in $|I|$. □

4.2 Representing INF Refinement Sequences by a Positive Rule Set 

For the rest of this section, let $V$ be a finite set of INF sentences and denote by $\mathcal{I}(V)$ the set $\{\mathcal{I}^{\varphi} \mid \varphi \in V\}$. We now show how to represent the propagator $\lim_{\mathcal{I}(V)}$ by a set $\Delta$ of rules, in the sense that for every structure $I$, $\lim_{\mathcal{I}(V)}(I)$ corresponds to a least model of $\Delta$. As mentioned in the introduction, the benefit of this representation is that sets of rules with a least model semantics are a basic component in many logic-based reasoning formalisms such as Prolog, Datalog, Stable Logic Programming and FO(ID). Hence, many of the theoretical and practical research results in these areas can be applied to study the properties of $\lim_{\mathcal{I}(V)}$ and to easily obtain efficient implementations.

A rule set over vocabulary $\Sigma$ is a finite set of rules of the form

$$\forall \overline{x}\, (P(\overline{x}) \leftarrow \varphi[\overline{y}]),$$

where $P \in \Sigma$, $\varphi$ is a formula over $\Sigma$, and $\overline{y} \subseteq \overline{x}$. The atom $P(\overline{x})$ is called the head of the rule, $\varphi$ the body. The connective '$\leftarrow$' is called definitional implication and is to be distinguished from the connective '$\Rightarrow$'. A rule set $\Delta$ is positive if none of the bodies in $\Delta$ contains a negation. $\Delta$ is monotone if for every variable assignment $\theta$, every pair of structures $I$ and $J$ such that $I \leq_t J$, and every rule body $\varphi$ of $\Delta$, $I\theta(\varphi) \leq_t J\theta(\varphi)$.

The inflationary consequence operator $\Gamma_{\Delta}$ for positive definition $\Delta$ over $\Sigma$ is the operator on two-valued $\Sigma$-structures defined by $\overline{d} \in P^{\Gamma_{\Delta}(I)}$ iff $\overline{d} \in P^{I}$ or there exists a rule $\forall \overline{x}\, (P(\overline{x}) \leftarrow \varphi)$ in $\Delta$ such that $I[\overline{x}/\overline{d}] \models \varphi$.

Note that the operator $\Gamma_{\Delta}$ is $\leq_t$-monotone. A structure $I$ satisfies $\Delta$, denoted $I \models \Delta$, if $I$ is a fixpoint of $\Gamma_{\Delta}$.

To each finite set of INF sentences over $\Sigma$, we associate the following positive rule set over $\mathrm{tf}(\Sigma)$.

Definition 4.6. Let $V$ be a set of INF sentences and $I$ a structure. The rule set associated to $V$ is denoted by $\Delta_V$ and defined by

$$\Delta_V = \{\forall \overline{x}\, ((L[\overline{x}])_{ct} \leftarrow \psi_{ct}) \mid \forall \overline{x}\, (\psi \Rightarrow L[\overline{x}]) \in V\}.$$

Observe that because of Proposition 2.6, $\Delta_V$ is a positive rule set. The following proposition explains that $\Delta_V$ can be seen as a description of $\lim_{\mathcal{I}(V)}$.

Proposition 4.7. For every set $V$ of INF sentences over $\Sigma$ and $\Sigma$-structure $I$, $\mathrm{tf}(\lim_{\mathcal{I}(V)}(I)) = \mathrm{glb}_{\leq_t}(\{M \mid M \models \Delta_V \text{ and } M \geq_t \mathrm{tf}(I)\})$.

Phrased differently, $\mathrm{tf}(\lim_{\mathcal{I}(V)}(I))$ is the least Herbrand model of the positive rule set $\Delta$ obtained by introducing a fresh constant symbol $C_d$ for every domain element $d$ in $I$ and adding to $\Delta_V$ the rules $P_{ct}(C_{d_1}, \ldots, C_{d_n}) \leftarrow \top$, respectively $P_{cf}(C_{d_1}, \ldots, C_{d_n}) \leftarrow \top$, for every domain atom $P(d_1, \ldots, d_n)$ that is true, respectively false, in $I$.

There are several benefits of using $\Delta_V$ as a description of $\lim_{\mathcal{I}(V)}$. From a practical point of view, Proposition 4.7 states that we can use any existing algorithm that computes the least Herbrand model of positive rule sets to implement $\lim_{\mathcal{I}(V)}$. Several such algorithms have been developed. For example, in the area of production rule systems, rete [Forgy 1982] and LEAPS [Miranker et al. 1990] are two well-known algorithms; Van Weert [2010] describes improvements of these algorithms, used in implementations of Constraint Handling Rules. Other examples are the algorithms implemented in Prolog systems with tabling such as xsb [Swift 2009] and yap [Faustino da Silva and Santos Costa 2006]. In the context of databases, a frequently used algorithm is semi-naive evaluation [Ullman 1988]. Adaptations of the semi-naive evaluation are implemented in the grounding component of DLV [Perri et al. 2007] and in the grounder GIDL [Wittocx et al. 2010]. It follows that the large amount of research on optimization techniques and execution strategies for these algorithms can be used to obtain efficient implementations of $\lim_{\mathcal{I}(V)}$ for a set $V$ of INF propagators.

Most of the algorithms and systems mentioned above expect that all rules are of the form $\forall \overline{x}\, (P(\overline{x}) \leftarrow \exists \overline{y}\, (Q_1(\overline{z}_1) \land \ldots \land Q_n(\overline{z}_n)))$, i.e., each body is the existential quantification of a conjunction of atoms. Some of the algorithms, e.g., semi-naive evaluation, can easily be extended to more general rule sets. Instead of extending the algorithms, one can as well rewrite rule sets into the desired format by applying predicate introduction [Vennekens et al. 2007], provided that only structures with finite domains are considered.

Other potential benefits of representing $\lim_{\mathcal{I}(V)}$ by $\Delta_V$ stem from the area of logic program analysis. For instance, abstract interpretation of logic programs [Bruynooghe 1991] can be used to derive interesting properties of $\lim_{\mathcal{I}(V)}$, program specialization [Leuschel 1997] to tailor $\Delta_V$ to a specific class of structures $I$, folding [Pettorossi and Proietti 1998] to combine the application of several propagators, etc.

4.3 From FO to INF 

As mentioned above, computing $\mathcal{O}^T(I)$ can be computationally expensive. The same holds for $\mathcal{L}^T(I)$. For instance, if $T$ contains only one sentence, then $\mathcal{O}^T = \mathcal{L}^T$, and therefore the best known algorithms for applying $\mathcal{L}^T$ can take exponential time in $|I|$ for finite structures $I$. In this section, we present a computationally cheaper method for constraint propagation on FO theories. The method consists of transforming, in linear time, a theory $T$ into an equivalent set of INF sentences. Then propagation on $T$ can be performed by applying the corresponding INF propagators. Theorem 4.5 ensures that this propagation has polynomial-time data complexity. The price for this improved efficiency is of course a loss in precision.

The next subsection describes the transformation. A diligent reader will note that the algorithm is non-deterministic and that a much more compact set of INF sentences can be generated (our implementation does). However, as we have no claims of optimality and our sole aim is to state polynomial-time data complexity, we present the most straightforward transformation.

4.3.1 From FO to Equivalence Normal Form. The transformation of theories to INF sentences works in two steps. First, a theory $T$ is transformed into a $\Sigma$-equivalent set of sentences in equivalence normal form (ENF). Next, each ENF sentence is replaced by a set of INF sentences. We show that both steps can be executed in linear time. Also, we mention a theorem stating that under mild conditions, no precision is lost in the second step. That is, for each ENF sentence $\varphi$ that satisfies these conditions, there exists a set of INF sentences $V$ such that $\mathcal{O}^{\varphi} = \lim_{\mathcal{I}(V)}$.

Definition 4.8. An FO sentence $\varphi$ is in equivalence normal form (ENF) if it is of the form $\forall \overline{x}\, (L[\overline{x}] \Leftrightarrow \psi[\overline{x}])$, where $\psi$ is of the form $(L_1 \land \ldots \land L_n)$, $(L_1 \lor \ldots \lor L_n)$, $(\forall \overline{y}\, L')$, or $(\exists \overline{y}\, L')$, and $L, L', L_1, \ldots, L_n$ are literals. An FO theory is in ENF if all its sentences are.

Recall that we denote by $\varphi[\overline{x}]$ that $\overline{x}$ are precisely the free variables of $\varphi$. Thus, the definition of ENF implicitly states that in every ENF sentence $\forall \overline{x}\, (P(\overline{x}) \Leftrightarrow \psi)$, the free variables of $\psi$ are the free variables of $P(\overline{x})$. Also, we allow that $n = 1$ in the definition, i.e., $\forall \overline{x}\, (L[\overline{x}] \Leftrightarrow L_1[\overline{x}])$ is in ENF.

We now show that every FO theory $T$ over a vocabulary $\Sigma$ can be transformed into a $\Sigma$-equivalent ENF theory $T'$. The transformation is akin to the Tseitin transformation for propositional logic [Tseitin 1968].

Algorithm 4.9. Given an FO theory $T$:

(1) Push negations inside until they are directly in front of atoms (also eliminating implication) and "flatten" nested conjunctions and disjunctions, e.g., $((P \land Q) \land R)$ is replaced by $(P \land Q \land R)$.

(2) Replace every sentence $\varphi$ of $T$ that is not of the form $\forall \overline{x}\, (L[\overline{x}] \Leftrightarrow \psi[\overline{x}])$, where $L$ is a literal, by $\top \Leftrightarrow \varphi$.

(3) While $T$ is not in ENF:

(a) Choose a sentence $\varphi$ of $T$ that is not in ENF. This sentence is of the form $\forall \overline{x}\, (L[\overline{x}] \Leftrightarrow \psi[\overline{x}])$.

(b) Choose a direct subformula $\chi[\overline{y}]$ of $\psi$; replace $\chi[\overline{y}]$ by $\mathit{Aux}(\overline{y})$ in $\varphi$, where $\mathit{Aux}$ is a new predicate, and add the sentence $\forall \overline{y}\, (\mathit{Aux}(\overline{y}) \Leftrightarrow \chi[\overline{y}])$ to $T$.

(4) Return $T$.

Clearly, the result of Algorithm 4.9 is an ENF theory. Observe that the first step is linear in the size of $T$ and produces a theory $T'$ that is linear in the size of $T$. The auxiliary predicates introduced in step (3b) replace subformulas of $T'$. Since the number of subformulas in $T'$ is linear in the size of $T$ and each subformula is replaced at most once by an auxiliary predicate, the algorithm runs in linear time.

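Example 4.10. The result of applying Algorithm 4.9 on the theory $T_1$ from Example 3.9 is the theory

$\top \Leftrightarrow \forall x \forall y\, \mathit{Aux}_1(x, y)$,
$\forall x \forall y\, (\mathit{Aux}_1(x, y) \Leftrightarrow \neg \mathit{MutExcl}(x, y) \lor \neg \mathit{Selected}(x) \lor \neg \mathit{Selected}(y))$,
$\top \Leftrightarrow \exists m\, \mathit{Aux}_2(m)$,
$\forall m\, (\mathit{Aux}_2(m) \Leftrightarrow \mathit{Module}(m) \land \mathit{Selected}(m))$,
$\top \Leftrightarrow \forall c\, \mathit{Aux}_3(c)$,
$\forall c\, (\mathit{Aux}_3(c) \Leftrightarrow \neg \mathit{Course}(c) \lor \mathit{Aux}_4(c) \lor \mathit{Selected}(c))$,
$\forall c\, (\mathit{Aux}_4(c) \Leftrightarrow \forall m\, \mathit{Aux}_5(m, c))$,
$\forall c \forall m\, (\mathit{Aux}_5(m, c) \Leftrightarrow \neg \mathit{Module}(m) \lor \neg \mathit{Selected}(m) \lor \neg \mathit{In}(c, m))$.

Here, the predicates $\mathit{Aux}_1, \ldots, \mathit{Aux}_5$ are introduced by the algorithm.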

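As steps (1) and (2) of Algorithm 4.9 trivially preserve logical equivalence and step (3) preserves $\Sigma$-equivalence according to Proposition 2.2, the following proposition holds:

PROPOSITION 4.11. Let $T'$ be the result of applying Algorithm 4.9 on a theory $T$ over $\Sigma$. Then $T$ and $T'$ are $\Sigma$-equivalent.

The combination of Proposition 3.3 and Proposition 4.11 ensures propagators for $T'$ can be used to implement propagators for $T$.

$\varphi$: $\forall \overline{x}\, (L \Leftrightarrow L_1 \land \ldots \land L_n)$
INF($\varphi$):
    $\forall \overline{x}\, (L_1 \land \ldots \land L_n \Rightarrow L)$
    $\forall \overline{x}\, (\neg L_i \Rightarrow \neg L)$, $1 \leq i \leq n$
    $\forall \overline{x}\, (L \Rightarrow L_i)$, $1 \leq i \leq n$
    $\forall \overline{x}\, (\neg L \land L_1 \land \ldots \land L_{i-1} \land L_{i+1} \land \ldots \land L_n \Rightarrow \neg L_i)$, $1 \leq i \leq n$

$\varphi$: $\forall \overline{x}\, (L \Leftrightarrow L_1 \lor \ldots \lor L_n)$
INF($\varphi$):
    $\forall \overline{x}\, (\neg L_1 \land \ldots \land \neg L_n \Rightarrow \neg L)$
    $\forall \overline{x}\, (L_i \Rightarrow L)$, $1 \leq i \leq n$
    $\forall \overline{x}\, (\neg L \Rightarrow \neg L_i)$, $1 \leq i \leq n$
    $\forall \overline{x}\, (L \land \neg L_1 \land \ldots \land \neg L_{i-1} \land \neg L_{i+1} \land \ldots \land \neg L_n \Rightarrow L_i)$, $1 \leq i \leq n$

$\varphi$: $\forall \overline{x}\, (L[\overline{x}] \Leftrightarrow \forall \overline{y}\, L'[\overline{x}, \overline{y}])$
INF($\varphi$):
    $\forall \overline{x}\, ((\forall \overline{y}\, L'[\overline{x}, \overline{y}]) \Rightarrow L[\overline{x}])$
    $\forall \overline{x}\, ((\exists \overline{y}\, \neg L'[\overline{x}, \overline{y}]) \Rightarrow \neg L[\overline{x}])$
    $\forall \overline{x} \forall \overline{y}\, (L[\overline{x}] \Rightarrow L'[\overline{x}, \overline{y}])$
    $\forall \overline{x} \forall \overline{y}\, ((\neg L[\overline{x}] \land \forall \overline{z}\, (\overline{y} \neq \overline{z} \Rightarrow L'[\overline{x}, \overline{y}][\overline{y}/\overline{z}])) \Rightarrow \neg L'[\overline{x}, \overline{y}])$

$\varphi$: $\forall \overline{x}\, (L[\overline{x}] \Leftrightarrow \exists \overline{y}\, L'[\overline{x}, \overline{y}])$
INF($\varphi$):
    $\forall \overline{x}\, ((\forall \overline{y}\, \neg L'[\overline{x}, \overline{y}]) \Rightarrow \neg L[\overline{x}])$
    $\forall \overline{x}\, ((\exists \overline{y}\, L'[\overline{x}, \overline{y}]) \Rightarrow L[\overline{x}])$
    $\forall \overline{x} \forall \overline{y}\, (\neg L[\overline{x}] \Rightarrow \neg L'[\overline{x}, \overline{y}])$
    $\forall \overline{x} \forall \overline{y}\, ((L[\overline{x}] \land \forall \overline{z}\, (\overline{y} \neq \overline{z} \Rightarrow \neg L'[\overline{x}, \overline{y}][\overline{y}/\overline{z}])) \Rightarrow L'[\overline{x}, \overline{y}])$

Table I. From ENF to INF.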



4.3.2 From ENF to INF. As shown in the previous section, every theory over $\Sigma$ can be transformed into a $\Sigma$-equivalent ENF theory. Now we show that any ENF theory $T$ can be transformed into a logically equivalent theory INF($T$) containing only INF sentences. The transformation is inspired by standard rules for Boolean constraint propagation as studied, e.g., by McAllester [1990] and Apt [1999b]. As a result, we obtain a propagator for $T$ with polynomial-time data complexity. Combined with the results of the previous section, this yields a propagation method for FO with polynomial-time data complexity. The relation of this propagation method to unit propagation for propositional formulas in conjunctive normal form is clarified by Apt [1999b] and Wittocx [2010].

Each of the INF sentences we associate to an ENF sentence $\forall \overline{x}\, (L[\overline{x}] \Leftrightarrow \psi)$ is either logically equivalent to $\forall \overline{x}\, (L[\overline{x}] \Rightarrow \psi)$ or to $\forall \overline{x}\, (\psi \Rightarrow L[\overline{x}])$. The set of all INF sentences associated to an ENF sentence $\varphi$ contains for each predicate $P$ that occurs in $\varphi$ a sentence of the form $\forall \overline{x}\, (\psi \Rightarrow P(\overline{x}))$ and a sentence of the form $\forall \overline{x}\, (\psi \Rightarrow \neg P(\overline{x}))$. As such, the corresponding propagators are, in principle, able to derive that a domain atom $P(\overline{d})$ is true, respectively false, if this is implied by $\varphi$.

Definition 4.12. For an ENF sentence $\varphi$, the set of INF sentences INF($\varphi$) is defined in Table I. For an ENF theory $T$, INF($T$) denotes the set of INF sentences $\bigcup_{\varphi \in T}$ INF($\varphi$).

It is straightforward to verify the following proposition. 

PROPOSITION 4.13. For every ENF sentence $\varphi$, INF($\varphi$) is logically equivalent to $\varphi$. Similarly for ENF theories.

It follows that if $T$ is an ENF theory, any propagator for INF($T$) is a propagator for $T$. In particular, for every $\varphi \in$ INF($T$), $\mathcal{I}^{\varphi}$ is a polynomial-time propagator for $T$. As a corollary of Theorem 4.5, we have:

Proposition 4.14. If $T$ is an ENF theory, then the operator $\lim_{\mathcal{I}(\mathrm{INF}(T))}$ is a propagator for $T$. For a fixed ENF theory $T$ and varying finite structures $I$, $\lim_{\mathcal{I}(\mathrm{INF}(T))}(I)$ can be computed in polynomial time.

4.4 Summary 

Combining the results above yields the following propagation algorithm for FO 
theories. 

Algorithm 4.15. For an input theory $T$ over $\Sigma$ and a $\Sigma$-structure $I$:

(1) Transform $T$ to an ENF theory $T'$ using Algorithm 4.9.

(2) Construct a (stabilizing) $\mathcal{I}(\mathrm{INF}(T))$-refinement sequence from $I$. Denote the last element by $J$.

(3) Return $(\mathrm{INCO}(J))|_{\Sigma}$.

Note that this is an any-time algorithm: the refinement sequence constructed in the second step can be stabilizing, but this is not necessary. In either case, the algorithm implements a propagator for $T$. From Proposition 4.14, it follows that the algorithm has polynomial-time data complexity:

Proposition 4.16. For a fixed theory $T$ and varying finite structures $I$, Algorithm 4.15 can be implemented in polynomial time.

Since only INF propagators are used, the second step of Algorithm 4.15 can be executed by representing $\lim_{\mathcal{I}(V)}$ as a positive rule set and computing the model of that set. In the following, we call Algorithm 4.15 the propagation algorithm. For a general theory $T$, we denote by INF($T$) the set of INF sentences INF($T'$), where $T'$ is obtained from $T$ by applying Algorithm 4.9.

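Algorithm 4.15 can be seen as an algorithm that propagates information up and down the parse tree of the input theory $T$. Indeed, let $\mathit{Aux}$ be a predicate and $\forall \overline{x}\, (\mathit{Aux}(\overline{x}) \Leftrightarrow \varphi)$ a sentence, introduced while transforming $T$ to ENF. As mentioned, $\mathit{Aux}$ represents the subformula $\varphi$ of $T$. Hence, INF sentences in INF($\forall \overline{x}\, (\mathit{Aux}(\overline{x}) \Leftrightarrow \varphi)$) of the form $\forall \overline{x}\, (\psi \Rightarrow \mathit{Aux}(\overline{x}))$ or $\forall \overline{x}\, (\psi \Rightarrow \neg \mathit{Aux}(\overline{x}))$ propagate information derived about subformulas of $\varphi$ to $\varphi$ itself. That is, they propagate information upwards in the parse tree of $T$. The other INF sentences in INF($\forall \overline{x}\, (\mathit{Aux}(\overline{x}) \Leftrightarrow \varphi)$) propagate information about $\varphi$ downwards.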

As an illustration, we apply the propagation algorithm on the theory and struc- 
ture from Example 3.9. 

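Example 4.17. Let $T_1$ and $I_0$ be the theory and structure from Example 3.9. Transforming $T_1$ to ENF produces the theory shown in Example 4.10. According to Definition 4.12, the set of INF sentences associated to this theory contains, amongst others, the sentences

$\forall x \forall y\, (\top \Rightarrow \mathit{Aux}_1(x, y))$, (4)
$\forall x \forall y\, (\mathit{Aux}_1(x, y) \land \mathit{MutExcl}(x, y) \land \mathit{Selected}(x) \Rightarrow \neg \mathit{Selected}(y))$, (5)
$\forall c\, (\top \Rightarrow \mathit{Aux}_3(c))$, (6)
$\forall c\, (\mathit{Aux}_3(c) \land \mathit{Course}(c) \land \neg \mathit{Selected}(c) \Rightarrow \mathit{Aux}_4(c))$, (7)
$\forall c \forall m\, (\mathit{Aux}_4(c) \Rightarrow \mathit{Aux}_5(m, c))$, (8)
$\forall m\, (\mathit{Module}(m) \land \exists c\, (\mathit{Aux}_5(m, c) \land \mathit{In}(c, m)) \Rightarrow \neg \mathit{Selected}(m))$, (9)
$\forall m\, (\neg \mathit{Selected}(m) \Rightarrow \neg \mathit{Aux}_2(m))$, (10)
$\forall m\, (\neg \mathit{Module}(m) \Rightarrow \neg \mathit{Aux}_2(m))$, (11)
$\forall m\, (\top \land \forall m'\, (m \neq m' \Rightarrow \neg \mathit{Aux}_2(m')) \Rightarrow \mathit{Aux}_2(m))$, (12)
$\forall m\, (\mathit{Aux}_2(m) \Rightarrow \mathit{Selected}(m))$, (13)
$\forall m \forall c\, (\mathit{Module}(m) \land \mathit{Selected}(m) \land \mathit{In}(c, m) \Rightarrow \neg \mathit{Aux}_5(m, c))$, (14)
$\forall c\, (\exists m\, \neg \mathit{Aux}_5(m, c) \Rightarrow \neg \mathit{Aux}_4(c))$, (15)
$\forall c\, (\mathit{Course}(c) \land \mathit{Aux}_3(c) \land \neg \mathit{Aux}_4(c) \Rightarrow \mathit{Selected}(c))$. (16)

If one applies the associated INF propagators on $I_0$ in the order of the sentences above, the following information is derived. First, propagator $\mathcal{I}^{(5)} \circ \mathcal{I}^{(4)}$ derives that $\mathit{Aux}_1(c_1, c_2)$ is certainly true and that $c_2$ is certainly not selected. Next, $\mathcal{I}^{(6)}$ derives that $\mathit{Aux}_3(c)$ is certainly true for all courses $c$. $\mathcal{I}^{(7)}$ combines the derived information and concludes that $\mathit{Aux}_4(c_2)$ is certainly true. This in turn implies, by $\mathcal{I}^{(8)}$, that $\mathit{Aux}_5(m, c)$ is certainly true for, a.o., $m = m_2$ and $c = c_2$. $\mathcal{I}^{(9)}$ derives from the fact that $c_2$ belongs to $m_2$, that $m_2$ cannot be selected. Next, it is derived that $m_1$ is certainly selected by applying $\mathcal{I}^{(13)} \circ \cdots \circ \mathcal{I}^{(10)}$, and finally, applying $\mathcal{I}^{(16)} \circ \mathcal{I}^{(15)} \circ \mathcal{I}^{(14)}$ yields that $c_3$ is certainly selected. As such, exactly the same information as in $\mathcal{O}^{T_1}(I_0)$ is derived.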
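The derivation of Example 4.17, computed as the least model of the positive rule set of Definition 4.6 (an added example, not code from the paper). It assumes that Course holds exactly for c1, ..., c4, which Example 3.9 does not state, and it uses naive iteration rather than semi-naive evaluation.

```python
from itertools import product

# Constructed input: the structure I_0 of Example 3.9.
DOMAIN = ["m1", "m2", "c1", "c2", "c3", "c4"]
MODULE = {"m1", "m2"}
COURSE = {"c1", "c2", "c3", "c4"}   # assumption: not listed in Example 3.9
IN = {("c1", "m1"), ("c3", "m1"), ("c2", "m2")}
MUTEXCL = {("c1", "c2")}


def initial_facts():
    """tf(I_0) as ground facts: P_ct where P is true, P_cf where P is false."""
    facts = {("Selected_ct", ("c1",))}   # Selected is unknown everywhere else
    for d in DOMAIN:
        facts.add(("Module_ct" if d in MODULE else "Module_cf", (d,)))
        facts.add(("Course_ct" if d in COURSE else "Course_cf", (d,)))
    for pair in product(DOMAIN, repeat=2):
        facts.add(("In_ct" if pair in IN else "In_cf", pair))
        facts.add(("MutExcl_ct" if pair in MUTEXCL else "MutExcl_cf", pair))
    return facts


def h(F, pred, *args):
    """True iff the ground atom pred(args) is among the derived facts F."""
    return (pred, args) in F


# One positive rule (head, arity, body) per INF sentence (4)-(16). A negative
# literal -P becomes P_cf; body variables absent from the head are quantified
# existentially, which is equivalent to the universally quantified implication.
RULES = [
    ("Aux1_ct", 2, lambda F, x, y: True),                                  # (4)
    ("Selected_cf", 1, lambda F, y: any(                                   # (5)
        h(F, "Aux1_ct", x, y) and h(F, "MutExcl_ct", x, y)
        and h(F, "Selected_ct", x) for x in DOMAIN)),
    ("Aux3_ct", 1, lambda F, c: True),                                     # (6)
    ("Aux4_ct", 1, lambda F, c: h(F, "Aux3_ct", c)                         # (7)
        and h(F, "Course_ct", c) and h(F, "Selected_cf", c)),
    ("Aux5_ct", 2, lambda F, m, c: h(F, "Aux4_ct", c)),                    # (8)
    ("Selected_cf", 1, lambda F, m: h(F, "Module_ct", m) and any(          # (9)
        h(F, "Aux5_ct", m, c) and h(F, "In_ct", c, m) for c in DOMAIN)),
    ("Aux2_cf", 1, lambda F, m: h(F, "Selected_cf", m)),                   # (10)
    ("Aux2_cf", 1, lambda F, m: h(F, "Module_cf", m)),                     # (11)
    ("Aux2_ct", 1, lambda F, m: all(                                       # (12)
        m == n or h(F, "Aux2_cf", n) for n in DOMAIN)),
    ("Selected_ct", 1, lambda F, m: h(F, "Aux2_ct", m)),                   # (13)
    ("Aux5_cf", 2, lambda F, m, c: h(F, "Module_ct", m)                    # (14)
        and h(F, "Selected_ct", m) and h(F, "In_ct", c, m)),
    ("Aux4_cf", 1, lambda F, c: any(                                       # (15)
        h(F, "Aux5_cf", m, c) for m in DOMAIN)),
    ("Selected_ct", 1, lambda F, c: h(F, "Course_ct", c)                   # (16)
        and h(F, "Aux3_ct", c) and h(F, "Aux4_cf", c)),
]


def least_model(facts, rules):
    """Apply the inflationary consequence operator until a fixpoint is reached."""
    facts = set(facts)
    changed = True
    while changed:
        changed = False
        for head, arity, body in rules:
            for args in product(DOMAIN, repeat=arity):
                if (head, args) not in facts and body(facts, *args):
                    facts.add((head, args))
                    changed = True
    return facts


def selected_after_propagation():
    """Return (certainly selected, certainly not selected) in the least model."""
    model = least_model(initial_facts(), RULES)
    ct = {args[0] for pred, args in model if pred == "Selected_ct"}
    cf = {args[0] for pred, args in model if pred == "Selected_cf"}
    return ct, cf


if __name__ == "__main__":
    print(selected_after_propagation())
```

The element c4 ends up in neither set, matching the observation in Example 3.9 that nothing can be derived about it.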

The following example gives another illustration of what the propagation algorithm can achieve.

Example 4.18. Consider the theory $T_2$, taken from some planning domain, consisting of the sentence

$$\forall a \forall a_p \forall t\, (\mathit{Action}(a) \land \mathit{Action}(a_p) \land \mathit{Time}(t) \land \mathit{Prec}(a_p, a) \land \mathit{Do}(a, t) \Rightarrow \exists t_p\, (\mathit{Time}(t_p) \land t_p < t \land \mathit{Do}(a_p, t_p))).$$

This sentence describes that some action $a$ with precondition $a_p$ can only be performed at time point $t$ if $a_p$ is performed at some earlier time point $t_p$. Let $I_2$ be a structure such that

$$I_2(\mathit{Prec}(d_0, d_1) \land \ldots \land \mathit{Prec}(d_{n-1}, d_n)) = \mathbf{t}.$$

$I_2$ indicates that there is a chain of $n$ actions that need to be performed before $d_n$. The propagation algorithm can derive for input $T_2$ and $I_2$ that $d_n$ can certainly not be performed before the $(n + 1)$th time point.

The INF sentences in Example 4.17 illustrate that the presented transformation from general FO theories to INF sentences produces a non-minimal set of INF sentences. Logic programming techniques may be applied to reduce this set. For instance, if unfolding is applied for predicate $\mathit{Aux}_1$, sentence (5) is replaced by the shorter sentence $\forall x \forall y\, (\mathit{MutExcl}(x, y) \land \mathit{Selected}(x) \Rightarrow \neg \mathit{Selected}(y))$, and (4) can be omitted. Similarly, unfolding can be applied to omit (6)-(8) and replace (9) by $\forall m\, (\mathit{Module}(m) \land \exists c\, (\neg \mathit{Selected}(c) \land \mathit{In}(c, m)) \Rightarrow \neg \mathit{Selected}(m))$. Sentences in INF($T_1$) of the form $\forall x \forall y\, (\varphi \Rightarrow \mathit{Aux}_1(x, y))$ can be omitted because they are subsumed by (4). Sentences of the form $\varphi \Rightarrow \top$ can be omitted because they are tautologies. Etc. It depends on the practical implementation of the propagation algorithm whether optimizing the set of INF sentences in this manner leads to a significant speed-up.

For sentences $\varphi$ of some specific form, it is easy to directly associate sets of INF sentences that are smaller than INF($\varphi$) but produce the same propagation. For instance, to a clause $\forall \overline{x}\, (L_1 \lor \ldots \lor L_n)$, the set $\{\forall \overline{x}\, (\neg L_1 \land \ldots \land \neg L_{i-1} \land \neg L_{i+1} \land \ldots \land \neg L_n \Rightarrow L_i) \mid 1 \leq i \leq n\}$ could be associated. For sentence (1) of Example 3.9, this is the set

(17)
(18)
(19)

instead of the fourteen sentences in INF((1)). It is noteworthy that extensively applying simplification techniques as described in the previous paragraph reduces INF((1)) to the three sentences (17)-(19).

4.5 Notes on Precision 

Because of Proposition 3.8, the result $J$ of applying Algorithm 4.15 on input theory $T$ and structure $I$ is less precise than $\mathcal{O}^T(I)$. As we will show in Example 4.20, there are cases where $J$ is strictly less precise than $\mathcal{O}^T(I)$. For applications like, e.g., configuration systems and approximate query answering (see Section 7), it is an important question for which $T$ and $I$ this loss in precision occurs.

The loss of precision in Algorithm 4.15 on an input theory $T$ compared to $\mathcal{O}^T$ is in principle due to three factors:

(1) Instead of propagating the theory $T$ as a whole, Algorithm 4.15 considers propagators for individual sentences, and combines them in a refinement sequence. As Example 3.12 shows, this may lead to a loss in precision.

(2) The theory is translated to ENF.

(3) Instead of applying the complete propagator $\mathcal{O}^{\varphi}$ for an ENF sentence $\varphi$, the incomplete propagators $\mathcal{I}^{\psi}$ for INF sentences $\psi \in$ INF($\varphi$) are applied.

The following theorem states that under some easy-to-verify conditions, the third factor does not contribute to the loss in precision. The theorem indicates that $\mathcal{I}(\mathrm{INF}(\varphi))$ is essentially the "right" set of propagators to approximate $\mathcal{O}^{\varphi}$.

Theorem 4.19 [Wittocx 2010]. If $\varphi$ is an ENF sentence such that no predicate occurs more than once in it, $\mathcal{O}^{\varphi} = \mathrm{INCO} \circ \lim_{\mathcal{I}(\mathrm{INF}(\varphi))}$.
The inconsistency propagator INCO is needed in the theorem to cope with a small technical detail. The only strictly four-valued structure that can be obtained by applying a complete propagator is the most precise structure $\top^{\leq_p}$. This is in general not the case for the propagator $\lim_{\mathcal{I}(\mathrm{INF}(\varphi))}$. Applying the inconsistency propagator solves this technical detail.

Concerning the loss in precision due to the first two factors mentioned above, 
it is worth noting that predicate introduction may actually lead to more precise 
propagation. We illustrate this on an example. 

Example 4.20. Consider the propositional theory $T$ consisting of the two sentences $(P \lor Q)$ and $((P \lor Q) \Rightarrow R)$. Clearly, $R$ is true in every model of $T$ and therefore $\mathcal{O}^T(\bot^{\leq_p})(R) = \mathbf{t}$. However, $\mathcal{L}^T(\bot^{\leq_p}) = \bot^{\leq_p}$. Intuitively, this loss in precision is due to the fact that a three-valued structure cannot "store" the information that $(P \lor Q)$ is true in every model of $T$ if neither $P$ nor $Q$ is true in every model. However, if we apply predicate introduction to translate $T$ to the theory $T'$ consisting of the sentences

$$\mathit{Aux} \Leftrightarrow P \lor Q, \qquad \mathit{Aux}, \qquad \mathit{Aux} \Rightarrow R,$$

there is no loss in precision: $\mathcal{L}^{T'}(\bot^{\leq_p})(R) = \mathbf{t}$. The fact that $(P \lor Q)$ must be true is "stored" in the interpretation of the introduced predicate $\mathit{Aux}$.
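Example 4.20 replayed with the INF propagators generated from the two propositional rows of Table I, rather than with the sentence-level propagators the example speaks of (an added example, not code from the paper). The string encoding of literals, the name Aux1 for the predicate that Algorithm 4.9 would introduce for the conjunction, and the hand-written ENF forms of both theories are assumptions of this sketch.

```python
TOP = "T"   # the literal "true"; "-T" (false) is never derivable in a consistent run


def neg(lit):
    """Negate a literal written as 'P' or '-P'."""
    return lit[1:] if lit.startswith("-") else "-" + lit


def inf(head, op, lits):
    """INF sentences, as (body, conclusion) pairs, that Table I associates to the
    propositional ENF sentence  head <=> (l1 op ... op ln),  op in {'and', 'or'}."""
    rules = []
    if op == "and":
        rules.append((list(lits), head))                    # L1 & ... & Ln => L
        for i, li in enumerate(lits):
            rest = lits[:i] + lits[i + 1:]
            rules.append(([neg(li)], neg(head)))            # -Li => -L
            rules.append(([head], li))                      # L => Li
            rules.append(([neg(head)] + rest, neg(li)))     # -L & others => -Li
    else:
        rules.append(([neg(l) for l in lits], neg(head)))   # -L1 & ... & -Ln => -L
        for i, li in enumerate(lits):
            rest = [neg(l) for l in lits[:i] + lits[i + 1:]]
            rules.append(([li], head))                      # Li => L
            rules.append(([neg(head)], neg(li)))            # -L => -Li
            rules.append(([head] + rest, li))               # L & -others => Li
    return rules


def propagate(enf_theory, known=()):
    """Literals derived by applying all INF propagators until nothing changes."""
    rules = [rule for sentence in enf_theory for rule in inf(*sentence)]
    derived = set(known) | {TOP}
    changed = True
    while changed:
        changed = False
        for body, conclusion in rules:
            if conclusion not in derived and all(b in derived for b in body):
                derived.add(conclusion)
                changed = True
    return derived - {TOP}


# ENF of T = {P v Q, (P v Q) => R}: the second sentence is (-P & -Q) v R after
# pushing negation inside, and the conjunction gets its own predicate Aux1.
T_ENF = [
    (TOP, "or", ["P", "Q"]),
    (TOP, "or", ["Aux1", "R"]),
    ("Aux1", "and", ["-P", "-Q"]),
]

# ENF of T' = {Aux <=> P v Q, Aux, Aux => R}.
T_PRIME_ENF = [
    ("Aux", "or", ["P", "Q"]),
    (TOP, "and", ["Aux"]),
    (TOP, "or", ["-Aux", "R"]),
]

if __name__ == "__main__":
    print(sorted(propagate(T_ENF)))        # nothing is derived
    print(sorted(propagate(T_PRIME_ENF)))  # Aux and R are derived
```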

We refer to the work of Denecker et al. [2010] for results on precision in the 
context of approximate query answering in incomplete databases under local closed 
world assumptions. It is a topic for future research to extend these results to our 
more general context. 

5. SYMBOLIC PROPAGATION 

In this section, we discuss the symbolic version of INF propagators. To this end, we first introduce the notion of a symbolic structure. Intuitively, a symbolic structure $\Phi$ relates a vocabulary $\Upsilon$ to a vocabulary $\Sigma$. It does so by defining for every predicate of $\Sigma$ a query over $\Upsilon$. This relationship can be used for mapping a structure over a vocabulary $\Upsilon$ to a structure over $\Sigma$. This is reminiscent of materializing the intensional predicates in a deductive database. The relationship can also be used to map a formula over $\Sigma$ to a formula over $\Upsilon$. This is reminiscent of reducing a query over the intensional predicates of a deductive database to a query over the extensional predicates. A symbolic structure is similar to an interpretation between theories [Enderton 2001], but it does not alter quantifiers.

Once symbolic structures are defined, symbolic INF propagators are introduced. These propagators map symbolic structures to symbolic structures, in a similar way as non-symbolic INF propagators do for non-symbolic structures. As we will explain, symbolic propagation is beneficial when precision is less important than efficiency, when only parts of the result of propagation are of interest, or when propagation for a fixed theory needs to be performed for several structures.

In theory, the vocabularies $\Upsilon$ and $\Sigma$ that are connected by a symbolic structure need not be related. However, in all practical applications we investigated so far, $\Upsilon$ is a subset of $\Sigma \cup \mathrm{tf}(\Sigma)$. The interpretation of the predicates in $\Upsilon$ acts as the input to non-symbolic propagation.

5.1 Symbolic Structures

Definition 5.1. A symbolic two-valued $\Sigma$-structure $\Phi$ over $\Upsilon$ consists of a query $P^{\Phi}$ for each predicate $P \in \Sigma$. The query $P^{\Phi}$ for a predicate $P/n$ is of the form $\{(x_1, \ldots, x_n) \mid \varphi\}$ with $\varphi$ a formula over $\Upsilon$.

For the rest of this section, when we use the term symbolic structure, we mean a symbolic $\Sigma$-structure over $\Upsilon$.

A symbolic two-valued structure $\Phi$ can be used to map a two-valued $\Upsilon$-structure $E$ with domain $D$ to a two-valued $\Sigma$-structure, denoted $\Phi(E)$, over the same domain $D$; it uses the queries to define the predicates of $\Sigma$ in $\Phi(E)$.

Definition 5.2. Let $E$ be a $\Upsilon$-structure. Then $\Phi(E)$ denotes a $\Sigma$-structure which, for each predicate $P \in \Sigma$, is defined as $P^{\Phi(E)} = (P^{\Phi})^{E}$.

Example 5.3. Let $\Sigma$ be the vocabulary $\{\mathit{Rhombus}/1\}$ and $\Upsilon$ the vocabulary $\{\mathit{Quadrilateral}/1, \mathit{EqualSides}/1\}$. An example of a symbolic $\Sigma$-structure over $\Upsilon$ is the symbolic structure $\Phi$ that assigns $\mathit{Rhombus}^{\Phi} = \{x \mid \mathit{Quadrilateral}(x) \land \mathit{EqualSides}(x)\}$. If $E$ is the $\Upsilon$-structure with domain $D = \{a, b, c\}$ that assigns $\mathit{Quadrilateral}^{E} = \{a, b\}$ and $\mathit{EqualSides}^{E} = \{b, c\}$, then $\Phi(E)$ is the $\Sigma$-structure with domain $D$ that assigns $\mathit{Rhombus}^{\Phi(E)} = \{x \mid \mathit{Quadrilateral}(x) \land \mathit{EqualSides}(x)\}^{E} = \{b\}$.

Given $E$, $\Phi$ can be seen as a symbolic description of $\Phi(E)$. Given a set $V$ of $\Upsilon$-structures, $\Phi$ can be seen as describing the set $\{\Phi(E) \mid E \in V\}$ of $\Sigma$-structures.

A symbolic structure $\Phi$ can also be used to map a formula over $\Sigma$ to a formula over $\Upsilon$. It uses the queries to "unfold" the predicates in $\Sigma$.

Definition 5.4. Let $\varphi$ be a formula over $\Sigma$ and $\Phi$ a symbolic structure. Then $\Phi(\varphi)$ denotes the formula over $\Upsilon$ obtained by replacing each occurrence of an atom $P(\overline{y})$ in $\varphi$ by $\psi[\overline{x}/\overline{y}]$, where $P^{\Phi} = \{\overline{x} \mid \psi\}$.

The following proposition relates models of $\varphi$ with models of $\Phi(\varphi)$.

Proposition 5.5. For every formula $\varphi$ over $\Sigma$, symbolic structure $\Phi$, $\Upsilon$-structure $E$ and variable assignment $\theta$, $(\Phi(E))\theta \models \varphi$ iff $E\theta \models \Phi(\varphi)$.

Example 5.6. Let $\Sigma$, $\Upsilon$, $\Phi$, and $E$ be as in Example 5.3, and let $\varphi$ be the sentence $\exists y\, \mathit{Rhombus}(y)$. Then $\Phi(\varphi)$ is the sentence $\exists y\, (\mathit{Quadrilateral}(y) \land \mathit{EqualSides}(y))$. Clearly, $E \models \Phi(\varphi)$ and $\Phi(E) \models \varphi$.

We call a symbolic $\mathrm{tf}(\Sigma)$-structure over $\Upsilon$ a four-valued symbolic $\Sigma$-structure over $\Upsilon$. Such a structure $\Phi$ can be used to map a two-valued $\Upsilon$-structure $E$ to a four-valued $\Sigma$-structure $I$, namely the structure such that $\mathrm{tf}(I) = \Phi(E)$. As such, it can be seen as a symbolic description of a class of four-valued structures over $\Sigma$. Abusing notation, we identify $\Phi(E)$ with $I$.

A four-valued symbolic structure $\Phi$ can also be used to map a formula $\varphi$ over $\Sigma$ to a pair of formulas over $\Upsilon$, namely the pair of $\Upsilon$-formulas $(\Phi(\varphi_{ct}), \Phi(\varphi_{cf}))$ which we denote as $\Phi(\varphi)$. Combining Proposition 5.5 and Proposition 2.5 then yields the desired result that $\Phi(\varphi)$ is a description of the truth value of $\varphi$ in the four-valued structures represented by $\Phi$. That is, for every $\Upsilon$-structure $E$ and variable assignment $\theta$, $\Phi(E)\theta(\varphi) = E\theta(\Phi(\varphi))$. In other words, to evaluate $\varphi$ in structure $\Phi(E)$ and variable assignment $\theta$, one can first evaluate $\varphi$ symbolically in $\Phi$ and then in $E$ and $\theta$.

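Example 5.7. Let $\Sigma$ be $\{\mathit{Module}/1, \mathit{Selected}/1, \mathit{In}/2, \mathit{MutExcl}/2\}$ (the vocabulary from Example 3.9) and let $\Upsilon$ be $\{\mathit{Module}/1, \mathit{In}/2, \mathit{MutExcl}/2, \mathit{Selected}_{ct}/1\}$. Let $I_0$ be the $\Sigma$-structure from Example 3.9 and let $E$ be the two-valued $\Upsilon$-structure that assigns $\{c_1\}$ to $\mathit{Selected}_{ct}$ and corresponds to $I_0$ on the symbols of $\Sigma \cap \Upsilon$. Define the four-valued symbolic $\Sigma$-structure $\Phi$ over $\Upsilon$ by

$\mathit{In}_{ct}^{\Phi} = \{(c, m) \mid \mathit{In}(c, m)\}$, $\mathit{MutExcl}_{ct}^{\Phi} = \{(x, y) \mid \mathit{MutExcl}(x, y)\}$,
$\mathit{In}_{cf}^{\Phi} = \{(c, m) \mid \neg \mathit{In}(c, m)\}$, $\mathit{MutExcl}_{cf}^{\Phi} = \{(x, y) \mid \neg \mathit{MutExcl}(x, y)\}$,
$\mathit{Module}_{ct}^{\Phi} = \{m \mid \mathit{Module}(m)\}$, $\mathit{Selected}_{ct}^{\Phi} = \{c \mid \mathit{Selected}_{ct}(c)\}$,
$\mathit{Module}_{cf}^{\Phi} = \{m \mid \neg \mathit{Module}(m)\}$, $\mathit{Selected}_{cf}^{\Phi} = \{c \mid \bot\}$.

It can be checked that $\Phi(E)$ corresponds to $I_0$. Let $\varphi$ be the sentence

$$\forall c \forall m\, (\neg \mathit{Selected}(m) \lor \neg \mathit{In}(m, c) \lor \mathit{Selected}(c)).$$

Then $\varphi_{ct}$ and $\varphi_{cf}$ are given by, respectively,

$$\forall c \forall m\, (\mathit{Selected}_{cf}(m) \lor \mathit{In}_{cf}(m, c) \lor \mathit{Selected}_{ct}(c)),$$
$$\exists c \exists m\, (\mathit{Selected}_{ct}(m) \land \mathit{In}_{ct}(m, c) \land \mathit{Selected}_{cf}(c)).$$

The evaluation of $\varphi_{ct}$ and $\varphi_{cf}$ in $\Phi$ are, respectively, the sentences $\forall c \forall m\, (\bot \lor \neg \mathit{In}(c, m) \lor \mathit{Selected}_{ct}(c))$ and $\exists c \exists m\, (\mathit{Selected}_{ct}(m) \land \mathit{In}(c, m) \land \bot)$. These two sentences are false in $E$, and therefore $\varphi$ is unknown in $I_0$.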

5.2 Symbolic Propagators 

We now lift propagators to the symbolic level. 

Definition 5.8. A symbolic propagator $S$ for a theory $T$ is an operator on the
set of four-valued symbolic structures over $\Upsilon$ such that for each $\Upsilon$-structure $E$ and
symbolic structure $\Phi$, the following conditions are satisfied:

- $\Phi(E) \le_p S(\Phi)(E)$

- for every model $M$ of $T$ such that $\Phi(E) \le_p M$, also $S(\Phi)(E) \le_p M$.

Note that these two conditions on symbolic propagators are similar to the conditions
on non-symbolic propagators. As is the case for non-symbolic propagators, the
composition $S_2 \circ S_1$ of two symbolic propagators for theory $T$ is again a symbolic
propagator for $T$.

We say that a symbolic propagator $S$ describes a non-symbolic propagator $O$
if for every symbolic four-valued structure $\Phi$ over $\Upsilon$ and every $\Upsilon$-structure $E$,
$S(\Phi)(E) = O(\Phi(E))$. It is straightforward to check that if $S_1$ describes $O_1$ and $S_2$
describes $O_2$, then $S_2 \circ S_1$ describes $O_2 \circ O_1$. It follows that symbolic propagators can
be used to describe finite refinement sequences. Indeed, let $V$ be a set of propagators
such that for each $O \in V$, there exists a symbolic propagator $S$ describing $O$. Let
$\langle J_i \rangle_{0 \le i \le n}$ be a $V$-refinement sequence from $\Phi(E)$ and denote by $O_i$ a propagator
such that $O_i(J_i) = J_{i+1}$. Then $J_n = S_{n-1}(\ldots(S_0(\Phi))\ldots)(E)$, where $S_i$ denotes the
symbolic propagator that describes $O_i$ for $0 \le i < n$. As such, $S_{n-1}(\ldots(S_0(\Phi))\ldots)$
can be seen as a symbolic representation of the refinement sequence $\langle J_i \rangle_{0 \le i \le n}$. To
describe transfinite refinement sequences with symbolic propagators, we would in
general need symbolic $\Sigma$-structures that assign queries over an infinitary logic to
the symbols of $\Sigma$.

We now introduce symbolic INF propagators. For the rest of this section, let $\Phi$
be a four-valued symbolic $\Sigma$-structure over $\Upsilon$ and $E$ a $\Upsilon$-structure. If two queries
$\{x \mid \psi\}$ and $\{y \mid \chi\}$ have the same arity, i.e., $|x| = |y|$, we denote by $\{x \mid \psi\} \cup \{y \mid \chi\}$
the query $\{z \mid \psi[x/z] \lor \chi[y/z]\}$, where $z$ is a tuple of new variables. Note that
$(\{x \mid \psi\} \cup \{y \mid \chi\})^{E} = \{x \mid \psi\}^{E} \cup \{y \mid \chi\}^{E}$ for every structure $E$.

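Definition 5.9. Let $\varphi$ be the INF sentence $\forall x\, (\psi \Rightarrow P(x))$. The symbolic INF
propagator $\mathcal{I}_s^{\varphi}$ is defined by

$$Q^{\mathcal{I}_s^{\varphi}(\Phi)} = \begin{cases} P_{ct}^{\Phi} \cup \{x \mid \Phi(\psi_{ct})\} & \text{if } Q = P_{ct} \\ Q^{\Phi} & \text{otherwise.} \end{cases}$$

That is, the queries for predicates different from $P_{ct}$ are copied from $\Phi$ and the
query for $P_{ct}$ is extended with the mapping upon vocabulary $\Upsilon$ of $\psi_{ct}$. If $\varphi$ is the
INF sentence $\forall x\, (\psi \Rightarrow \lnot P(x))$, then $\mathcal{I}_s^{\varphi}$ is defined by

$$Q^{\mathcal{I}_s^{\varphi}(\Phi)} = \begin{cases} P_{cf}^{\Phi} \cup \{x \mid \Phi(\psi_{ct})\} & \text{if } Q = P_{cf} \\ Q^{\Phi} & \text{otherwise.} \end{cases}$$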

The following result states the desired property that symbolic INF propagators are 
the symbolic counterpart of non-symbolic INF propagators. 

Proposition 5.10. $\mathcal{I}_s^{\varphi}$ describes $\mathcal{I}^{\varphi}$ for every INF sentence $\varphi$.

Proposition 5.10 implies that one can execute the propagation algorithm
(Algorithm 4.15) using symbolic INF propagators in step 2 instead of non-symbolic
ones. We refer to this symbolic version of the algorithm as the symbolic propagation
algorithm.

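Example 5.11. Consider the following INF sentences^3:

$\forall x \forall y\, (\lnot Edge(x,y) \Rightarrow \lnot InHam(x,y))$ (20)
$\forall x \forall y\, (Start(y) \Rightarrow \lnot InHam(x,y))$ (21)
$\forall x \forall y \forall z\, (\lnot InHam(x,y) \land \lnot InHam(x,z) \Rightarrow Aux(x,y,z))$. (22)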

Let $\Upsilon$ be the vocabulary $\{Edge/2, Start/1\}$ and let $\Phi_0$ be the symbolic structure
over $\Upsilon$ assigning

$Edge_{ct}^{\Phi_0} = \{(x,y) \mid Edge(x,y)\}$     $Edge_{cf}^{\Phi_0} = \{(x,y) \mid \lnot Edge(x,y)\}$

$Start_{ct}^{\Phi_0} = \{x \mid Start(x)\}$         $Start_{cf}^{\Phi_0} = \{x \mid \lnot Start(x)\}$

$InHam_{ct}^{\Phi_0} = \{(x,y) \mid \bot\}$         $InHam_{cf}^{\Phi_0} = \{(x,y) \mid \bot\}$

$Aux_{ct}^{\Phi_0} = \{(x,y,z) \mid \bot\}$         $Aux_{cf}^{\Phi_0} = \{(x,y,z) \mid \bot\}$.

Applying $\mathcal{I}_s^{(20)}$ on $\Phi_0$ yields a symbolic structure $\Phi_1$ that assigns
$\{(x,y) \mid \bot \lor \lnot Edge(x,y)\}$ to $InHam_{cf}$. Applying $\mathcal{I}_s^{(21)}$ on $\Phi_1$ produces symbolic
structure $\Phi_2$ assigning $\{(x,y) \mid \bot \lor \lnot Edge(x,y) \lor Start(y)\}$ to $InHam_{cf}$. Finally, the
result of applying $\mathcal{I}_s^{(22)}$ to $\Phi_2$ assigns

$\{(x,y,z) \mid \bot \lor ((\bot \lor \lnot Edge(x,y) \lor Start(y)) \land (\bot \lor \lnot Edge(x,z) \lor Start(z)))\}$ (23)

to $Aux_{ct}$.

3 These sentences are some of the INF sentences obtained when reducing a standard FO(ID)
encoding of the Hamiltonian path problem to INF. The predicate InHam represents the edges in
the Hamiltonian path. The predicate Aux is an auxiliary predicate, introduced when the sentence
$\forall x \forall y \forall z\, (InHam(x,y) \land InHam(x,z) \Rightarrow y = z)$, which states that the path does not split, is
reduced to ENF.

Observe that computing $\mathcal{I}_s^{\varphi}(\Phi)$ takes time $O(|\varphi| \cdot |\Phi|)$, while computing $\mathcal{I}^{\varphi}(I)$
takes time $O(|I|^{|\varphi|})$ since evaluating a formula $\varphi$ in a structure $I$ takes time $O(|I|^{|\varphi|})$
[Grädel et al. 2007]. This indicates a possible benefit of using symbolic INF
propagators instead of non-symbolic ones. However, this gain in efficiency does not come
for free. One problem is that testing whether a sequence of symbolic structures is
stabilizing is undecidable, because it boils down to testing logical equivalence of FO
formulas. Another problem concerning symbolic refinement sequences is the size
of symbolic structures. The size of $\mathcal{I}_s^{\varphi}(\Phi)$ is $O(|\varphi| \cdot |\Phi|)$. As such, the size of the
last element of a refinement sequence constructed using symbolic INF propagators
is exponential in the length of the sequence, while for non-symbolic refinement
sequences from a finite structure, the size of the last element is polynomial in the size
of that structure. The exponential growth of the symbolic structures can sometimes,
but not always, be avoided by replacing the queries assigned by a structure
by equivalent, but smaller queries. For example, (23) could be replaced by the
shorter, equivalent query

$\{(x,y,z) \mid (\lnot Edge(x,y) \lor Start(y)) \land (\lnot Edge(x,z) \lor Start(z))\}$.

Wittocx et al. [2010] describe a detailed implementation of the symbolic propagation 
algorithm using first-order binary decision diagrams [Goubault 1995]. 
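
The symbolic refinement steps of Example 5.11, and the replacement of query (23) by its shorter equivalent, can be reproduced with a small formula rewriter. This is an added example, not code from the paper or from the implementation of Wittocx et al. [2010]; the tuple encoding of formulas, all function names, the restriction of INF bodies to conjunctions of literals, and the three-node graph are assumptions made here.

```python
from itertools import product

BOT = ("bot",)  # the formula "false"

def atom(pred, *args): return ("atom", pred, args)
def neg(f): return ("not", f)
def conj(*fs): return fs[0] if len(fs) == 1 else ("and", tuple(fs))

def disj(*fs):
    """Disjunction, flattened so that (a | b) | c is stored as a | b | c."""
    flat = []
    for f in fs:
        flat.extend(f[1] if f[0] == "or" else [f])
    return ("or", tuple(flat))

def rename(f, sub):
    """Rename free variables; the query bodies used here are quantifier-free."""
    if f[0] == "bot":
        return f
    if f[0] == "atom":
        return ("atom", f[1], tuple(sub.get(a, a) for a in f[2]))
    if f[0] == "not":
        return ("not", rename(f[1], sub))
    return (f[0], tuple(rename(g, sub) for g in f[1]))

def lit_ct(phi, lit):
    """Phi applied to the ct-version of a literal over Sigma:
    P(t) reads the query of P_ct, and not P(t) reads the query of P_cf."""
    positive, pred, args = lit
    qvars, body = phi[(pred, "ct" if positive else "cf")]
    return rename(body, dict(zip(qvars, args)))

def inf_propagate(phi, body_lits, head):
    """Symbolic INF propagator for the sentence: forall x (body_lits => head)."""
    positive, pred, args = head
    key = (pred, "ct" if positive else "cf")
    qvars, old = phi[key]
    derived = conj(*(lit_ct(phi, l) for l in body_lits))
    derived = rename(derived, dict(zip(args, qvars)))
    return {**phi, key: (qvars, disj(old, derived))}

def simplify(f):
    """Drop 'false' disjuncts and collapse conjunctions that contain 'false'."""
    if f[0] in ("bot", "atom"):
        return f
    if f[0] == "not":
        return ("not", simplify(f[1]))
    parts = [simplify(g) for g in f[1]]
    if f[0] == "or":
        parts = [g for g in parts if g != BOT]
        if not parts:
            return BOT
    elif BOT in parts:
        return BOT
    return parts[0] if len(parts) == 1 else (f[0], tuple(parts))

def size(f):
    """Number of nodes in the formula tree."""
    if f[0] in ("bot", "atom"):
        return 1
    if f[0] == "not":
        return 1 + size(f[1])
    return 1 + sum(size(g) for g in f[1])

def show(f):
    if f[0] == "bot":
        return "false"
    if f[0] == "atom":
        return f"{f[1]}({','.join(f[2])})"
    if f[0] == "not":
        return "~" + show(f[1])
    return "(" + (" & " if f[0] == "and" else " | ").join(show(g) for g in f[1]) + ")"

def holds(f, E, env):
    """Two-valued evaluation of a formula over Upsilon in the structure E."""
    if f[0] == "bot":
        return False
    if f[0] == "atom":
        return tuple(env[a] for a in f[2]) in E[f[1]]
    if f[0] == "not":
        return not holds(f[1], E, env)
    results = [holds(g, E, env) for g in f[1]]
    return all(results) if f[0] == "and" else any(results)

def answers(query, E, domain):
    qvars, body = query
    return {d for d in product(domain, repeat=len(qvars))
            if holds(body, E, dict(zip(qvars, d)))}

def example_5_11():
    x, y, z = "x", "y", "z"
    phi = {("Edge", "ct"): ((x, y), atom("Edge", x, y)),
           ("Edge", "cf"): ((x, y), neg(atom("Edge", x, y))),
           ("Start", "ct"): ((x,), atom("Start", x)),
           ("Start", "cf"): ((x,), neg(atom("Start", x))),
           ("InHam", "ct"): ((x, y), BOT), ("InHam", "cf"): ((x, y), BOT),
           ("Aux", "ct"): ((x, y, z), BOT), ("Aux", "cf"): ((x, y, z), BOT)}
    phi = inf_propagate(phi, [(False, "Edge", (x, y))], (False, "InHam", (x, y)))  # (20)
    phi = inf_propagate(phi, [(True, "Start", (y,))], (False, "InHam", (x, y)))    # (21)
    return inf_propagate(phi, [(False, "InHam", (x, y)), (False, "InHam", (x, z))],
                         (True, "Aux", (x, y, z)))                                # (22)

# Constructed sample Upsilon-structure: a path a -> b -> c that starts in a.
SAMPLE_E = {"Edge": {("a", "b"), ("b", "c")}, "Start": {("a",)}}

if __name__ == "__main__":
    qvars, raw = example_5_11()[("Aux", "ct")]
    print(size(raw), show(raw))
    print(size(simplify(raw)), show(simplify(raw)))
```

The propagation itself never touches `SAMPLE_E`; the graph is only consulted when a query is finally evaluated with `answers`, which is the data independence the section relies on.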

We expect symbolic propagation to be useful in applications where precision is
less important than efficiency, and where the evaluation $\Phi(E)$ of the last structure
$\Phi$ of a refinement sequence in $\Upsilon$-structure $E$ need not be computed completely.
Grounding (Section 7.2) and approximate query answering (Section 7.5) are two
examples of such applications.

6. PROPAGATION FOR FO(ID) 

One of the famous examples of concepts that are not expressible in FO is the
concept of reachability in a graph. In fact, most concepts that require a recursive
definition cannot be expressed in FO. Nevertheless, inductive definitions appear in
many real-life computational problems such as automated planning or problems
involving dynamic systems [Denecker and Ternovska 2007; 2008]. In this section,
we extend the propagation algorithm to an extension of FO with inductive, i.e.,
recursive, definitions.

6.1 Inductive Definitions 

Like a rule set, a definition $\Delta$ is a finite set of rules of the form $\forall x\, (P(x) \leftarrow \varphi[y])$.
Predicates that appear in the head of a rule of $\Delta$ are called defined predicates of
$\Delta$. The set of all defined predicates of $\Delta$ is denoted $Def(\Delta)$. All other symbols
are called open with respect to $\Delta$. The set of all open symbols of $\Delta$ is denoted
$Open(\Delta)$.

Example 6.1. The following definition defines the predicate Reach in terms of
open predicate Edge.

$$\left\{ \begin{array}{l} \forall x \forall y\, (Reach(x,y) \leftarrow Edge(x,y)), \\ \forall x \forall y\, (Reach(x,y) \leftarrow \exists z\, (Reach(x,z) \land Reach(z,y))) \end{array} \right\}$$

Informally, this definition expresses that $y$ can be reached from $x$ in the graph
represented by Edge, if either there is an edge between $x$ and $y$, i.e., $Edge(x,y)$ is
true, or if there is some intermediate node $z$ such that $z$ can be reached from $x$ and
$y$ can be reached from $z$.

The formal semantics of definitions is given by their well-founded model [Van
Gelder et al. 1991]. We borrow the presentation of this semantics from Denecker
and Vennekens [2007].

Definition 6.2. Let $\Delta$ be a definition and $I$ a finite three-valued structure. A
well-founded induction for $\Delta$ extending $I$ is a (possibly transfinite) sequence
$\langle J_\xi \rangle_{0 \le \xi \le \alpha}$ of three-valued structures such that

(1) $J_0 = I|_{Open(\Delta)} + \bot_{Def(\Delta)}$;

(2) $J_\lambda = lub_{\le_p}(\{J_\xi \mid \xi < \lambda\})$ for every limit ordinal $\lambda \le \alpha$;

(3) For every ordinal $\xi$, $J_{\xi+1}$ relates to $J_\xi$ in one of the following ways:

(a) $J_{\xi+1} = J_\xi[V/\mathbf{t}]$, where $V$ is a set of domain atoms such that for each
$P(d) \in V$, $P^{J_\xi}(d) = \mathbf{u}$ and there exists a rule $\forall x\, (P(x) \leftarrow \varphi)$ in $\Delta$ such
that $J_\xi[x/d](\varphi) = \mathbf{t}$.

(b) $J_{\xi+1} = J_\xi[U/\mathbf{f}]$, where $U$ is a set of domain atoms, such that for each $P(d) \in U$,
$P^{J_\xi}(d) = \mathbf{u}$ and for all rules $\forall x\, (P(x) \leftarrow \varphi)$ in $\Delta$, $J_{\xi+1}[x/d](\varphi) = \mathbf{f}$.

Intuitively, (3a) says that domain atoms $P(d)$ can be made true if there is a rule
with $P(x)$ in the head and body $\varphi$ such that $\varphi$ is already true, given a variable
assignment that interprets $x$ by $d$. On the other hand, (3b) explains that $P(d)$ can
be made false if there is no possibility of making a corresponding body true, except
by circular reasoning. The set $U$, called an unfounded set, is a witness to this:
making all atoms in $U$ false also makes all corresponding bodies false.

A well-founded induction is called terminal if it cannot be extended anymore.
The limit of a terminal well-founded induction is its last element. Denecker and
Vennekens [2007] show that each terminal well-founded induction for $\Delta$ extending
$I$ has the same limit, which corresponds to the well-founded model of $\Delta$ extending
$I|_{Open(\Delta)}$. The well-founded model is denoted by $wfm_\Delta(I)$. In general, $wfm_\Delta(I)$ is
three-valued.

A two-valued structure $I$ satisfies definition $\Delta$, denoted $I \models \Delta$, if $I = wfm_\Delta(I)$.
The extension of FO with inductive definitions is called FO(ID). An FO(ID) theory
is a set of FO sentences and definitions. A two-valued structure satisfies an FO(ID)
theory $T$ if it satisfies every sentence and every definition of $T$.

The completion of a definition $\Delta$ is an FO(ID) theory that is weaker than $\Delta$:

Definition 6.3. The completion of a definition $\Delta$ is the FO theory that contains
for every $P \in Def(\Delta)$ the sentence

$\forall x\, (P(x) \Leftrightarrow (\exists y_1\, (x = y_1 \land \varphi_1) \lor \ldots \lor \exists y_n\, (x = y_n \land \varphi_n)))$,

where $\forall y_1\, (P(y_1) \leftarrow \varphi_1), \ldots, \forall y_n\, (P(y_n) \leftarrow \varphi_n)$ are the rules in $\Delta$ with $P$ in the
head.

We denote the completion of $\Delta$ by $Comp(\Delta)$. If $T$ is an FO(ID) theory then we
denote by $Comp(T)$ the result of replacing in $T$ all definitions by their completion.
The following result states that the completion of $T$ is weaker than $T$.

Theorem 6.4 [Denecker and Ternovska 2008]. $\Delta \models Comp(\Delta)$ and $T \models Comp(T)$
for every definition $\Delta$ and FO(ID) theory $T$.

6.2 Propagation for Definitions 

In this section, we consider two approaches to extend the propagation method to 
FO(ID). First, we discuss the application of our propagation method for FO on 
the completion of FO(ID) theories. Secondly, we define an INF propagator for 
definitions. 

6.2.1 Propagation on the completion. It follows from Theorem 6.4 that the
propagators obtained by applying Algorithm 4.15 on $Comp(T)$ are propagators for the
theory $T$. However, note that a complete propagator for $Comp(T)$ can be incomplete
for $T$. For example, consider the definition $\Delta := \{P \leftarrow P\}$. This definition
has only one model, in which $P$ is false. Hence, $(\mathcal{O}^{\Delta}(\bot^{\le_p}))(P) = \mathbf{f}$. The completion
of $\Delta$ is the sentence $(P \Leftrightarrow P)$, which has a model making $P$ true and one making $P$
false. Therefore $(\mathcal{O}^{Comp(\Delta)}(\bot^{\le_p}))(P) = \mathbf{u}$. We conclude that $\mathcal{O}^{Comp(\Delta)} \neq \mathcal{O}^{\Delta}$.
Moreover, $\mathcal{O}^{Comp(\Delta)}$ is not inducing for $\Delta$, that is, it may not recognize that a
given two-valued structure is not a model of $\Delta$.

If $I$ is a finite structure and $T$ an FO(ID) theory, there exists an FO theory $T'$ such
that the models of $T$ approximated by $I$ are precisely the models of $T'$ approximated
by $I$. Such a theory can be constructed by applying propositionalization (see,
e.g., [Wittocx et al. 2010]), followed by the transformations described by Janhunen
[2004] or by Pelov and Ternovska [2005]. Propagation on $T$ and $I$ can then be
obtained by applying propagation on $T'$ and $I$. The benefit of this approach is
a gain in precision. In particular, the resulting propagator is inducing. On the
other hand, $T'$ can be exponentially larger than $T$, which has repercussions on the
efficiency of (symbolic) propagation.

6.2.2 Propagators for definitions. A second way to extend our propagation
method to FO(ID) is to introduce special purpose propagators involving definitions.

Definition 6.5. The propagator $\mathcal{I}^{\Delta}$ for a definition $\Delta$ is defined by

$$P^{\mathcal{I}^{\Delta}(I)}(d) = \begin{cases} lub_{\le_p}\{\mathbf{t}, P^{I}(d)\} & \text{if } P^{wfm_\Delta(I)}(d) = \mathbf{t} \\ lub_{\le_p}\{\mathbf{f}, P^{I}(d)\} & \text{if } P^{wfm_\Delta(I)}(d) = \mathbf{f} \\ P^{I}(d) & \text{otherwise.} \end{cases}$$

It follows from the definition of well-founded induction that $\mathcal{I}^{\Delta}$ is a monotone
propagator for every definition $\Delta$. Moreover, for finite structures $I$, $wfm_\Delta(I)$ can be
computed in polynomial time in $|I|$. As such, $\mathcal{I}^{\Delta}$ is a propagator with polynomial-time
data complexity. Note that this propagator only propagates information from
the body of the definition to the head; to propagate from head to body, one needs
propagators derived from the completion.
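
The difference between propagating on a definition and on its completion (Section 6.2.1), and the propagator of Definition 6.5, can be checked on ground definitions. This is an added example, not code from the paper: the encoding of ground rules as (head, body-literals) pairs, the function names and the three-node graph are assumptions made here, and the complete propagator for the completion is computed by brute-force model enumeration, which is only feasible for tiny inputs.

```python
from itertools import product

def lit_value(J, lit):
    """Three-valued value of a literal (atom, positive?) in structure J."""
    a, positive = lit
    v = J[a]
    if v == "u":
        return "u"
    return "t" if (v == "t") == positive else "f"

def body_value(J, body):
    """Three-valued value of a conjunction of literals."""
    vals = [lit_value(J, l) for l in body]
    if "f" in vals:
        return "f"
    return "u" if "u" in vals else "t"

def wfm(rules, I):
    """Limit of a terminal well-founded induction (Definition 6.2), ground case."""
    defined = {h for h, _ in rules}
    # (1): keep the open atoms of I, reset every defined atom to unknown.
    J = {a: ("u" if a in defined else v) for a, v in I.items()}
    while True:
        # (3a): unknown atoms that have a rule whose body is already true.
        V = {h for h, b in rules if J[h] == "u" and body_value(J, b) == "t"}
        if V:
            J.update(dict.fromkeys(V, "t"))
            continue
        # (3b): greatest unfounded set, shrinking from all unknown defined atoms.
        U = {a for a in defined if J[a] == "u"}
        while True:
            JU = {**J, **dict.fromkeys(U, "f")}
            supported = {h for h, b in rules if h in U and body_value(JU, b) != "f"}
            if not supported:
                break
            U -= supported
        if not U:
            return J  # terminal: neither step applies any more
        J.update(dict.fromkeys(U, "f"))

def lub(a, b):
    """Least upper bound in the precision order on u, t, f, i."""
    if a == b or b == "u":
        return a
    return b if a == "u" else "i"

def definition_propagator(rules, I):
    """Propagator of Definition 6.5: combine I with the well-founded model."""
    W = wfm(rules, I)
    return {a: lub(W[a], I[a]) for a in I}

def completion_propagator(rules, I):
    """Complete propagator for the completion, by enumerating its models."""
    defined = {h for h, _ in rules}
    unknown = [a for a in I if I[a] == "u"]
    models = []
    for bits in product("tf", repeat=len(unknown)):
        M = {**I, **dict(zip(unknown, bits))}
        # Completion: P holds iff at least one rule body for P holds.
        if all((M[p] == "t") == any(body_value(M, b) == "t"
                                    for h, b in rules if h == p)
               for p in defined):
            models.append(M)
    if not models:
        return dict.fromkeys(I, "i")
    first = models[0]
    return {a: first[a] if all(m[a] == first[a] for m in models) else "u"
            for a in I}

def reach_example():
    """Example 6.1 grounded over a constructed graph: a <-> b, c isolated."""
    nodes, edges = "abc", {("a", "b"), ("b", "a")}
    I, rules = {}, []
    for x, y in product(nodes, repeat=2):
        I[("Edge", x, y)] = "t" if (x, y) in edges else "f"
        I[("Reach", x, y)] = "u"
        rules.append((("Reach", x, y), [(("Edge", x, y), True)]))
        for z in nodes:  # one ground rule per witness z of the existential
            rules.append((("Reach", x, y),
                          [(("Reach", x, z), True), (("Reach", z, y), True)]))
    return rules, I

if __name__ == "__main__":
    p_rules = [("P", [("P", True)])]  # the definition {P <- P}
    print(definition_propagator(p_rules, {"P": "u"}),
          completion_propagator(p_rules, {"P": "u"}))
    rules, I = reach_example()
    print(definition_propagator(rules, I)[("Reach", "a", "c")],
          completion_propagator(rules, I)[("Reach", "a", "c")])
```

On the graph, the well-founded model makes Reach(a,c) false, while the completion also admits the model in which every pair is reachable, so its complete propagator leaves Reach(a,c) unknown.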

It is an open question whether the propagator $\lim_{\mathcal{I}(V)}$ can be represented by a
(positive or monotone) rule set if $V$ may contain both INF sentences and definitions.
Results from fixpoint logics (see, e.g., [Grädel et al. 2007]) suggest that this will be
possible when only finite structures are considered, but impossible in general. We
expect that even if it is possible to represent $\lim_{\mathcal{I}(V)}$ by a rule set $\Delta_V$, this result
will not be of practical importance, since $\Delta_V$ will be rather complicated. The same
remark applies for symbolic propagators simulating $\lim_{\mathcal{I}(V)}$.

Recently, Vlaeminck et al. [2010] showed how to represent the propagator $\lim_{\mathcal{I}(V)}$
by a nested fixpoint definition [Hou 2010]. Methods to evaluate such nested
definitions are currently being investigated [Hou et al. 2010]. The extent to which the
theoretical and practical results about monotone rule sets can be adapted to nested
fixpoint definitions will determine the usefulness of representing $\lim_{\mathcal{I}(V)}$ by such
definitions.



7. APPLICATIONS 

In this section, we briefly sketch several applications of constraint propagation,
namely finite model generation, improved grounding, approximate solving of
universal second-order logic ($\forall$SO) model generation problems, declarative
programming of configuration systems, and approximate query answering in incomplete
databases. We refer to papers where these applications are discussed in more detail.

7.1 Solving Constraint Satisfaction Problems 

The obvious application of constraint propagation is to solve CSPs. Many real- 
life computational problems are naturally cast as CSPs. Well-known examples 
are scheduling, planning, diagnosis, and lightweight dynamic system verification. 
A standard algorithm to solve a constraint satisfaction problem (C, V, dom) is to 
combine propagators for C with a backtracking algorithm and a branching heuristic. 

Model expansion (MX) is the problem of finding, for a given theory $T$ in some
logic $\mathcal{L}$ and a structure $I$, a model of $T$ that is approximated by $I$. We denote
MX for input theories in logic $\mathcal{L}$ by MX($\mathcal{L}$). As mentioned in Section 3.1, any
CSP can be mapped to a model expansion problem and vice versa. Often, the
representation of a CSP by a model expansion problem in a suitable logic is compact
and highly declarative (see, e.g., the encodings of problems used in the second ASP
Competition [Denecker et al. 2009]). Similarly as for solving CSPs, MX(FO(ID))
problems can be solved by combining our propagation method for FO(ID) with a
backtracking algorithm and branching heuristics.

Most current MX (and ASP) solvers take another approach. First, they reduce
the input theory and domain to an equivalent propositional theory $T_g$. This process
is called grounding. Next, an (extended) SAT solver is applied to efficiently find
a model for $T_g$. If found, this model then corresponds to a solution of the original
problem. The benefit of this approach is that current SAT solvers are highly
optimized. On the other hand, the grounding phase is often a bottleneck since in
general, it takes exponential time in the quantifier rank, i.e., the nesting depth of
quantifiers, of the input theory. Consequently, there is a trade-off between applying
fast unit propagation but first having to ground the input theory, and applying our
slower propagation method but avoiding the grounding.

A potential future approach to avoid the trade-off is by combining both propagation
methods, in a way similar to DPLL(T) [Nieuwenhuis et al. 2006]. In this
combined approach, some sentences of the theory are grounded to propositional
theory $T_g$, the others (preferably those with a large quantifier rank but low activity,
i.e., yielding few propagations) are transformed to a set of INF sentences
$V$. Next, a SAT solver is applied on $T_g$. Whenever the SAT solver derives that a
certain propositional literal $L$ is true, and $L$ unifies with a literal in the condition
of an INF sentence $\varphi$ in $V$, $\mathcal{I}^{\varphi}$ can be applied to derive the truth of other literals.
In turn, these literals can be communicated back to the SAT solver.

7.2 Improved Grounding 

Our FO(ID) propagation can be applied to improve current SAT based MX solvers
more directly by improving the grounding size and time [Wittocx et al. 2010]. In an
MX problem with input theory $T$ and input structure $I$, $I$ is often used to encode
input data for the problem. For example, $I$ might contain the input graph for a
graph colouring problem. The grounders for MX and ASP primarily reduce the size
of the computed propositional theory and improve the grounding speed by cleverly
omitting formulas that do not evaluate to $\mathbf{u}$ in $I$. It follows that grounding improves
if one first applies propagation on $T$ and $I$ to obtain a more precise structure $J$.

In the case of improving grounding, efficiency of propagation is more important
than completeness. Indeed, detailed propagation will be performed afterwards by
the SAT solver. For this reason, when implementing propagation to optimize the
grounder GIDL [Wittocx et al. 2010], we opted for the symbolic propagation
algorithm. Experiments with GIDL show that the time taken by symbolic propagation
is negligible compared to the overall grounding time, while on average, it reduces
grounding size and time by 30%, respectively 40%. In some cases, symbolic
propagation makes the difference between being able to ground a theory in less than
20 seconds, compared to not being able to ground it at all. As far as we know,
no one thoroughly evaluated whether concrete propagation is suitable to improve
grounding as well.

7.3 Approximate Solving of $\forall$SO Model Expansion Problems

As Mitchell and Ternovska [2005] show, it is a direct consequence of Fagin's [1974]
seminal result that every MX(FO(ID)) problem with a fixed FO(ID) input theory
and variable finite input structures is in NP. If the input theory is in universal
second-order logic ($\forall$SO), MX problems are in $\Sigma_2^P$, and some of these problems
are $\Sigma_2^P$-hard. A class of interesting problems that are naturally cast as MX($\forall$SO)
problems are conformant planning problems. A conformant planning problem is
a planning problem where only partial information $I$ about the initial state is
given. A solution is a fixed plan that is guaranteed to lead from any initial state
approximated by $I$ to the desired goal state. There exist conformant planning
problems where determining whether a conformant plan of length less than a given
length $l$ exists is $\Sigma_2^P$-hard, even if $l$ is polynomial in the size of the problem.

Vlaeminck et al. [2010] show how to approximate an MX($\forall$SO) problem by an
MX(FO(ID)) problem, in the sense that solutions of the latter are solutions of the
former (but not necessarily vice versa). The representation of FO propagation by
a rule set is crucial in the approximation.

7.4 Configuration Systems 

The application presented in the introduction is an example of a configuration 
system. A configuration system helps a user to fill out a form in accordance with 
certain constraints. As noted by Vlaeminck et al. [2009], due to the large amount of 
background knowledge involved, developing and maintaining a configuration system 
can be difficult when using (only) a traditional imperative programming method. 
Instead, encoding the background knowledge, e.g., the constraints, in logic and 
applying suitable automated reasoning methods may make these tasks much easier. 

One of the tasks of a configuration system is to prevent the user from making
invalid choices by automatically disabling such choices. For example, if courses $c_1$
and $c_2$ are mutually exclusive and a student selects the course $c_1$, the system
described in the introduction should make selecting $c_2$ impossible. Using constraint
propagation, this functionality can be implemented in a declarative way: the
constraints describing valid configurations are represented by a theory $T$, the current
selection by a three-valued structure $I$. Then, propagation is applied to derive a
more precise structure $J$. Each possible choice that is true according to $J$ is selected
automatically by the system, each choice that is false is disabled.

There are two main, albeit somewhat contradictory requirements for the propagation
in this case. First, since a configuration system is interactive, the propagation
should be efficient in order to respond sufficiently fast. Secondly, in an ideal system,
the user can never make an invalid choice. To this end, the propagation should
implement the complete propagator $\mathcal{O}^{T}$. Indeed, if $J = \mathcal{O}^{T}(I)$ and a choice $P(d)$
is unknown in $J$, then there exists a model of $T$, i.e., a valid configuration, where
$P(d)$ is true, and one where $P(d)$ is false. As such, neither selecting nor deselecting
$P(d)$ is an invalid choice since in both cases a valid configuration remains reachable.
The combination of both requirements shows the importance of investigating the
precision of efficient propagators.

We refer to the work of Vlaeminck et al. [2009] for a more elaborate investigation
of knowledge-based configuration software and a discussion of related
work. The approach to build configuration systems using propagation for FO(ID)
was implemented in a Java™ library [Calus 2011]. The library is available from
http://dtai.cs.kuleuven.be/krr/software/download. Configuration systems
built with this library turn out to be sufficiently fast and precise.

7.5 Approximate Query Answering

A recent trend in databases is the development of approximate methods to reason
about databases with incomplete knowledge. The incompleteness of the database
may stem from the use of null values, or of a restricted form of closed world
assumption [Cortes-Calabuig et al. 2007], or it arises from integrating a collection of local
databases each based on its own local schema into one virtual database over a global
schema [Grahne and Mendelzon 1999]. In all these cases, the data complexity of
certain and possible query answering is computationally hard (coNP, respectively
NP). For this reason fast (and often very precise) polynomial approximate query
answering methods have been developed, which compute an underestimation of the
certain, and an overestimation of the possible answers.

The tables of an incomplete database are naturally represented as a three-valued
structure $I$. The integrity constraints, local closed world assumption or mediator
scheme corresponds to a logic theory $T$. Answering a query $\{x \mid \varphi\}$ boils down
to computing the set of tuples $d$ such that $M[x/d] \models \varphi$ in every model $M$ of $T$
approximated by $I$ (certain answers) and the set of tuples $d$ such that $M[x/d] \models \varphi$
for at least one $M \models T$ approximated by $I$ (possible answers). These sets can be
approximated by $\{d \mid J[x/d](\varphi) = \mathbf{t}\}$, respectively $\{d \mid J[x/d](\varphi) \neq \mathbf{f}\}$, where $J$ is
obtained by applying constraint propagation for $T$ on $I$. If a constraint propagation
method with polynomial-time data complexity is used to compute $J$, computing the
approximate query answers above also requires polynomial time in the size of the
database. Of course, the more precise $J$ is, the more precise the obtained answers
to the query are.

Approximate query answering is an application where symbolic propagation is
important. There are several reasons why it is to be preferred above non-symbolic
propagation. First of all, the size of real-life databases makes the application of
non-symbolic propagation often too slow in practice, since it requires the storage
of large intermediate tables. More importantly, each time the data is changed, the
propagation needs to be repeated. This is not the case for the symbolic propagation,
because symbolic propagation is independent of the data. Thirdly, symbolic
propagation can be used for query rewriting. Indeed, given a symbolic structure $\Phi$
computed by propagation, an evaluation structure $E$ and a query $\varphi$, the approximation
to the certain answers for $\varphi$ is given by the set $\{d \mid \Phi(E)[x/d](\varphi) = \mathbf{t}\}$.
This set is equal to $\{x \mid (\Phi(\varphi))_{ct}\}^{E}$. Hence the query $\{x \mid \varphi\}$ can be rewritten
to a new query $\{x \mid (\Phi(\varphi))_{ct}\}$, which is then evaluated in the database $E$. Next,
one can use the various optimization strategies in current database management
systems to efficiently compute the answers to the new query. Possible answers to
$\varphi$ are obtained in a similar way.

Applying the non-symbolic version of Algorithm 4.15 for approximate query
answering generalizes the algorithm of Cortes Calabuig et al. [2006]. Applying the
symbolic version and rewriting the query generalizes the query rewriting technique
presented by Cortes-Calabuig et al. [2007]. Conditions that ensure the answers to
queries obtained via these methods are optimally precise, i.e., conditions that
ensure completeness of the propagation algorithm in the context of incomplete, locally
closed databases, were investigated by Denecker et al. [2010].

8. CONCLUSIONS

In this paper we presented constraint propagation as a basic form of inference
for FO theories. We introduced a general notion of constraint propagators and
briefly discussed the complete propagator for a theory. Due to its high computational
complexity, the complete propagator cannot be applied in most real-life
applications. Therefore we investigated incomplete propagators, called INF
propagators. These propagators generalize the propagators for propositional logic
presented by McAllester [1990] and Apt [1999b]. Similar propagators were proposed
in the context of locally closed databases, where approximative query answering
in polynomial time was studied in a series of papers [Cortes Calabuig et al. 2006;
Cortes-Calabuig et al. 2007; Cortes-Calabuig et al. 2008] culminating in [Denecker
et al. 2010]. A first version of INF propagators for full FO was presented in the
context of grounding [Wittocx et al. 2008b]. Later we improved the propagators
and presented them in a more general context [Wittocx et al. 2008a]. The link
with constraint programming is new in the current paper. Besides their lower
computational complexity, INF propagators for FO have other interesting properties:
propagation using INF propagators can be represented by a monotone rule set and
can be executed in a symbolic manner. The former property allows us to use
existing systems and extensively studied methods to make efficient implementations
of propagation. The latter property is important in contexts where data changes
regularly or where only part of the results obtained by propagation is needed.

We extended the results about propagation using INF propagators to the logic 
FO(ID) that extends FO with inductive definitions. Whether the results about 
representation by a monotone definition or symbolic propagation carry over to 
inductive definitions, is an open question. Further transfer of techniques developed 
in the constraint programming community to improve propagation for FO, is also 
an interesting direction for future work. 

FO and FO(ID) can also be extended with aggregates [Pelov et al. 2007]. In many
cases, the use of aggregates yields more succinct theories [Simons et al. 2002], and
often faster reasoning [Faber et al. 2008]. Aggregates appear in many real-life
applications. The extension of our propagation method to aggregates is described
in Appendix A.

Finally, we discussed several applications that rely on constraint propagation as
basic form of inference.

A. AGGREGATES

Aggregates are (partial) functions that have a set as argument. An example is
the function CARD returning the cardinality of a set. In many cases, the use of
aggregates yields more succinct theories [Simons et al. 2002], and often faster
reasoning [Faber et al. 2008]. Aggregates appear in many real-life applications.

In this section, given a domain D we assume that there are two types of variables: 
variables that can take values among all elements of D, and variables that only 
take values among the elements in D that are real numbers. That is, we assume 
a restricted form of many-sorted logic. Furthermore, we assume that formulas and 
structures are well-typed, in the sense that terms occurring at a position where only 
a number can sensibly occur, evaluate in every structure to a number. For instance, 
in a term x + 1, x should be a variable only ranging over real numbers. Ternovska 
and Mitchell [2009] and Wittocx [2010] provide more detailed descriptions about 
including arithmetics in FO. 

A.1 FO with Aggregates

We denote the extension of FO with aggregates by FO(AGG). A set expression in
FO(AGG) is an expression of the form $\{x \mid \varphi\}$, where $x$ is a tuple of variables and
$\varphi$ a formula.^4 The value of set expression $\{x \mid \varphi\}$ in structure $I$ under variable
assignment $\theta$ is denoted by $I\theta(\{x \mid \varphi\})$ and defined by $\{d \mid I\theta[x/d] \models \varphi\}$. A set $V$
of tuples of domain elements is numeric if for each $d \in V$, the first element of $d$ is
a real number.

In this paper, we consider the aggregate function symbols CARD, SUM, PROD,
MIN and MAX. An aggregate term is an expression of the form CARD($V$), SUM($V$),
PROD($V$), MIN($V$) or MAX($V$), where $V$ is a set expression. An aggregate atom is
a formula of the form $x \le f(V)$ or $x \ge f(V)$, where $x$ is a variable and $f(V)$ an
aggregate term. An FO(AGG) formula is defined like an FO formula, except that
atoms may be FO atoms as well as aggregate atoms.^5 We use formulas of the form
$t \le f(V)$ and $t < f(V)$, where $t$ is a term and $f(V)$ an aggregate term, as shorthands
for the formulas $\exists x\, (t = x \land x \le f(V))$, respectively $\exists x \exists y\, (t = x \land x < y \land y \le f(V))$.
Similarly for formulas of the form $t \ge f(V)$ and $t > f(V)$.

For a set of tuples $V$, we define CARD($V$) to be the cardinality of $V$. If $V$ is
numeric, we define:

- SUM($V$) $= 0$ if $V = \emptyset$ and SUM($V$) $= \sum_{(a_1, \ldots, a_n) \in V} a_1$ otherwise;

- PROD($V$) $= 1$ if $V = \emptyset$ and PROD($V$) $= \prod_{(a_1, \ldots, a_n) \in V} a_1$ otherwise;

- MIN($V$) $= +\infty$ if $V = \emptyset$ and MIN($V$) $= \min\{a_1 \mid (a_1, \ldots, a_n) \in V\}$ otherwise;

- MAX($V$) $= -\infty$ if $V = \emptyset$ and MAX($V$) $= \max\{a_1 \mid (a_1, \ldots, a_n) \in V\}$ otherwise.

Let $I$ be a finite structure with domain $D$ and $\theta$ a variable assignment. The
satisfaction relation for FO(AGG) is defined by adding the following base cases
to the satisfaction relation for FO:

- $I\theta \models x \leq F(V)$ if $\theta(x)$ is a real number and $\theta(x) \leq F(I\theta(V))$;

- $I\theta \models x \geq F(V)$ if $\theta(x)$ is a real number and $\theta(x) \geq F(I\theta(V))$.

4 The only difference between queries and set expressions is that a formula $\varphi$ in set expression
$\{\bar{x} \mid \varphi\}$ may contain free variables that are not among $\bar{x}$.

5 One can generalize FO(AGG) by allowing aggregate terms in every position where an FO term
is allowed. We use the restricted version here to facilitate the presentation. There exists an
equivalence preserving transformation from the more general version to the restricted one.

To define the value of an aggregate atom in a three-valued structure, we first
introduce three-valued sets. A three-valued set is a set where each element is
annotated with one of the truth values t, f or u. We denote the annotations by
superscripts. A three-valued set $V$ approximates a class of sets, namely all sets
that certainly contain the elements of $V$ annotated by t and possibly some of the
elements of $V$ annotated by u. For example, $\{a^t, b^f, c^u\}$ denotes a three-valued set,
approximating the sets $\{a\}$ and $\{a, c\}$.

In a three-valued structure $I$, a set expression $\{\bar{x} \mid \varphi\}$ evaluates under variable
assignment $\theta$ to the three-valued set
$I\theta(\{\bar{x} \mid \varphi\}) := \{\bar{d}^v \mid I\theta[\bar{x}/\bar{d}](\varphi) = v\}$. The
minimal value $I\theta(F(V))_{\min}$ of an aggregate term $F(V)$ in $I$ under $\theta$ is defined by

$I\theta(F(V))_{\min} = \min\{n \mid n = F(v) \text{ for some } v \text{ approximated by } I\theta(V)\}$.

Similarly, the maximal value of $F(V)$ is defined by

$I\theta(F(V))_{\max} = \max\{n \mid n = F(v) \text{ for some } v \text{ approximated by } I\theta(V)\}$.

The truth value of an FO(AGG) formula $\varphi$ in structure $I$ under variable assignment
$\theta$ is defined by adding the following cases to the definition of the truth value of an
FO formula:

$$I\theta(x \geq F(V)) = \begin{cases}
t & \text{if } \theta(x) \text{ is a real number and } \theta(x) \geq I\theta(F(V))_{\max} \\
u & \text{if } \theta(x) \text{ is a real number and } \theta(x) \geq I\theta(F(V))_{\min} \text{ and } \theta(x) < I\theta(F(V))_{\max} \\
f & \text{otherwise.}
\end{cases}$$

$$I\theta(x \leq F(V)) = \begin{cases}
t & \text{if } \theta(x) \text{ is a real number and } \theta(x) \leq I\theta(F(V))_{\min} \\
u & \text{if } \theta(x) \text{ is a real number and } \theta(x) > I\theta(F(V))_{\min} \text{ and } \theta(x) \leq I\theta(F(V))_{\max} \\
f & \text{otherwise.}
\end{cases}$$

Pelov et al. [2007] illustrate that this definition of the value of FO(AGG) formulas
in three-valued structures is sufficiently precise for most applications found in the
literature. They also show that the value of an FO(AGG) formula in a three-valued
structure $I$ can be computed in polynomial time in $|I|$.

A.2 Propagation for FO(AGG)

To extend the propagation method to theories containing aggregates, the definition
of INF sentences is extended to include aggregates. As in the case of FO, a
propagator with polynomial-time data complexity is associated to each of these sentences.
Next, it is shown that every FO(AGG) theory over a vocabulary $\Sigma$ can be converted
to a $\Sigma$-equivalent theory of INF sentences. To represent propagation on FO(AGG)
theories as a rule set and to allow symbolic propagation, the definition of $\varphi_{ct}$ and
$\varphi_{cf}$ is extended to formulas $\varphi$ that may contain aggregates.

Definition A.1. A FO(AGG) sentence $\varphi$ is in implicational normal form (INF)
if it is of the form $\forall \bar{x}\, (\psi \Rightarrow L[\bar{x}])$, where $L[\bar{x}]$ is a literal that does not contain
an aggregate and $\psi$ is a formula. The result of applying the INF propagator $\mathcal{I}_\varphi$
associated to $\varphi$ on a three-valued structure $I$ is defined as in Definition 4.2. If $I$ is
strictly four-valued, then we define $\mathcal{I}_\varphi(I) = \top^{\leq_p}$.

Proposition A.2. For every INF sentence $\varphi$, $\mathcal{I}_\varphi$ is a monotone propagator
with polynomial-time data complexity.

The proof of this proposition is analogous to the proof of Proposition 4.4. 

We now show that every FO(AGG) theory $T$ over vocabulary $\Sigma$ can be converted
to a $\Sigma$-equivalent theory containing only INF sentences. Similarly as in the case of
FO theories, we present a conversion in several steps. None of the steps preserves
complete propagation. The following example indicates that even for very simple
theories, complete polynomial-time propagation is impossible if P $\neq$ NP.

Example A.3. Let $T$ be the theory containing the sentence $\mathrm{SUM}\{x \mid P(x)\} = n$,
where $n$ is a natural number. Let $I$ be a finite structure with domain $D \subset \mathbb{N}$ such
that $P^I(d) = u$ for every $d \in D$. Then $\mathcal{O}^T(I) \neq \top^{\leq_p}$ iff $\sum_{d \in V} d = n$ for some
subset $V \subseteq D$. Deciding whether such a subset exists is NP-complete [Sipser 2005].
Hence if P $\neq$ NP, $\mathcal{O}^T$ cannot be implemented by a polynomial-time algorithm.

Definition A.4. A FO(AGG) sentence $\varphi$ is in equivalence normal form (ENF) if
$\varphi$ is an FO sentence in ENF or $\varphi$ is of the form
$\forall \bar{x} \forall z\, (L[\bar{x}, z] \Leftrightarrow z \geq F\{\bar{y} \mid L'[\bar{x}, \bar{y}]\})$
or $\forall \bar{x} \forall z\, (L[\bar{x}, z] \Leftrightarrow z \leq F\{\bar{y} \mid L'[\bar{x}, \bar{y}]\})$.

Every FO(AGG) theory $T$ over $\Sigma$ can be rewritten to a $\Sigma$-equivalent theory in ENF
by applying Algorithm 4.9.

A.3 From FO(AGG) to INF

Similarly as for FO sentences in ENF, a set INF($\varphi$) of INF sentences is associated to
each ENF sentence $\varphi$ containing an aggregate. Our definition of this set is inspired
by the propagation algorithms for propositional aggregates in the model generator
MiniSAT(ID) [Mariën 2009]. These algorithms aim to restore bounds consistency.
Intuitively, the propagators associated to the INF sentences we present express
that if some formula $y \geq F\{\bar{x} \mid L[\bar{x}]\}$ must be true and the assumption that $L[\bar{d}]$
is true (respectively false) would imply that $y$ is strictly smaller than $F\{\bar{x} \mid L[\bar{x}]\}$,
then $L[\bar{d}]$ must be false (respectively true). Similarly for formulas of the form
$y \leq F\{\bar{x} \mid L[\bar{x}]\}$.

The following definition extends the definition of INF($\varphi$) to the case where $\varphi$ is
an ENF sentence containing an aggregate expression.

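Definition A.5. Let $\varphi$ be an ENF sentence of the form
$\forall \bar{x} \forall z\, (H[\bar{x}, z] \Leftrightarrow z \geq F(\{\bar{y} \mid L[\bar{x}, \bar{y}]\}))$.
Then INF($\varphi$) is the set of INF sentences

$\forall \bar{x} \forall z\, (z \geq F(V) \Rightarrow H[\bar{x}, z])$,   (25)

$\forall \bar{x} \forall z\, (z < F(V) \Rightarrow \neg H[\bar{x}, z])$,   (26)

$\forall \bar{x} \forall z \forall \bar{y}'\, (H[\bar{x}, z] \land z < F(\{\bar{y} \mid \bar{y} \neq \bar{y}' \land L[\bar{x}, \bar{y}]\}) \Rightarrow L[\bar{x}, \bar{y}'])$,   (27)

$\forall \bar{x} \forall z \forall \bar{y}'\, (H[\bar{x}, z] \land z < F(\{\bar{y} \mid \bar{y} = \bar{y}' \lor L[\bar{x}, \bar{y}]\}) \Rightarrow \neg L[\bar{x}, \bar{y}'])$,   (28)

$\forall \bar{x} \forall z \forall \bar{y}'\, (\neg H[\bar{x}, z] \land z \geq F(\{\bar{y} \mid \bar{y} \neq \bar{y}' \land L[\bar{x}, \bar{y}]\}) \Rightarrow L[\bar{x}, \bar{y}'])$,   (29)

$\forall \bar{x} \forall z \forall \bar{y}'\, (\neg H[\bar{x}, z] \land z \geq F(\{\bar{y} \mid \bar{y} = \bar{y}' \lor L[\bar{x}, \bar{y}]\}) \Rightarrow \neg L[\bar{x}, \bar{y}'])$.   (30)

For an ENF sentence of the form $\forall \bar{x} \forall z\, (H[\bar{x}, z] \Leftrightarrow z \leq F(V))$, INF($\varphi$) is defined
similarly (it suffices to replace '$<$' by '$>$' and '$\geq$' by '$\leq$' in sentences (25)-(30)).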

The INF sentences (27) and (29) evaluate the aggregate on the set of tuples selected
by the set expression other than $\bar{y}'$ and express conditions under which the original ENF
sentence $\varphi$ cannot be true unless $\bar{y}'$ is selected by the set expression. Similarly, the
INF sentences (28) and (30) evaluate the aggregate on the set of the tuples selected by
the set expression extended with $\bar{y}'$ and express conditions under which the original
ENF sentence $\varphi$ cannot be true unless $\bar{y}'$ is not selected by the set expression.

Each of the sentences in INF($\varphi$) is implied by $\varphi$. Vice versa, INF($\varphi$) clearly
implies $\varphi$ for every ENF sentence $\varphi$. Hence, we obtain the following proposition.

Proposition A.6. INF($\varphi$) is equivalent to $\varphi$ for every ENF sentence $\varphi$.
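
The three-valued evaluation of aggregate atoms from Section A.1 and the propagation expressed by sentences (27) and (28), as an added Python example that is not code from the paper. It enumerates the approximated sets by brute force (exponential, unlike the polynomial-time method of Pelov et al.); the names approximated_sets, bounds, value_geq, propagate_geq and SAMPLE are assumptions of this example, and the sample data is constructed.

```python
from itertools import combinations
from math import inf, prod

# Aggregates over sets of tuples (first component numeric), with the
# empty-set conventions of Section A.1.
AGG = {
    "CARD": len,
    "SUM": lambda s: sum(e[0] for e in s),
    "PROD": lambda s: prod(e[0] for e in s),
    "MIN": lambda s: min((e[0] for e in s), default=inf),
    "MAX": lambda s: max((e[0] for e in s), default=-inf),
}

def approximated_sets(tv):
    """Yield every set approximated by the three-valued set tv, given as
    a dict {element: 't' | 'f' | 'u'}."""
    sure = [e for e, a in tv.items() if a == "t"]
    maybe = [e for e, a in tv.items() if a == "u"]
    for k in range(len(maybe) + 1):
        for extra in combinations(maybe, k):
            yield sure + list(extra)

def bounds(agg, tv):
    """Minimal and maximal value of the aggregate term over tv.
    Brute-force enumeration, exponential in the number of 'u' elements."""
    values = [AGG[agg](s) for s in approximated_sets(tv)]
    return min(values), max(values)

def value_geq(x, agg, tv):
    """Three-valued truth value of the aggregate atom x >= agg(V)."""
    lo, hi = bounds(agg, tv)
    if x >= hi:
        return "t"
    return "u" if x >= lo else "f"

def propagate_geq(z, agg, tv):
    """Refine tv under the requirement z >= agg(V), i.e. H[x, z] is true.
    Sentence (27) forces an element in, sentence (28) forces it out;
    'i' marks an element on which both fire (inconsistency)."""
    tv = dict(tv)
    changed = True
    while changed:
        changed = False
        for e in [e for e, a in tv.items() if a == "u"]:
            must_in = z < bounds(agg, {**tv, e: "f"})[0]    # body of (27)
            must_out = z < bounds(agg, {**tv, e: "t"})[0]   # body of (28)
            if must_in or must_out:
                tv[e] = "i" if must_in and must_out else "t" if must_in else "f"
                changed = True
    return tv

# Constructed sample data: tuples (number, label) with annotations.
SAMPLE = {(3, "a"): "t", (5, "b"): "u", (4, "c"): "u", (9, "d"): "f"}
```

With SAMPLE and the requirement 7 >= SUM(V), sentence (28) excludes (5, "b") because including it pushes the minimal sum to 8, while (4, "c") stays unknown.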

A.4 Rule Sets and Symbolic Propagation

To represent propagation for FO as a rule set and to define symbolic propagation
for FO theories, we relied on the fact that the value of an FO formula $\varphi$ in a
three-valued structure can be found by computing the value of the negation-free formulas
$\varphi_{ct}$ and $\varphi_{cf}$. Under certain conditions, it is possible to extend the definition of $\varphi_{ct}$
and $\varphi_{cf}$ to FO(AGG) formulas $\varphi$. This immediately lifts the results of Section 4.2
and Section 5 to FO(AGG).

It is beyond the scope of this paper to properly state the definition of $\varphi_{ct}$ and
$\varphi_{cf}$ for an FO(AGG) formula $\varphi$, and the conditions under which this definition is
the correct one. We refer the reader to [Wittocx 2010, pages 90-91 and 181-184]
for these results. The results are correct for finite structures, embedded in infinite
background structures. Relatively simple formulas $\varphi_{ct}$ and $\varphi_{cf}$ are obtained under
the extra condition that all numbers that occur in structures are strictly positive
and larger than 1. If arbitrary real numbers are allowed, the formulas $\varphi_{ct}$ and $\varphi_{cf}$
become so complicated that they are not useful in practice.

B. PROOFS 

Proof of Proposition 2.2 

Denote the vocabulary $\Sigma \cup \{P\}$ by $\Sigma'$ and let $I$ be a $\Sigma$-structure. Any expansion of
$I$ to $\Sigma'$ that satisfies the sentence $\forall \bar{x}\, (P(\bar{x}) \Leftrightarrow \psi[\bar{x}])$ necessarily assigns {x |
to P. Hence, such an expansion satisfies $\varphi'$ iff $I \models \varphi$.

Proof of Proposition 2.6

Follows directly from the definition of $\varphi_{ct}$ and $\varphi_{cf}$.

Proof of Proposition 3.1

Let $I$ and $J$ be two finite $\Sigma$-structures with the same domain. Denote their
corresponding CSPs by $\langle C_p, V_I, dom_I \rangle$, respectively $\langle C_p, V_J, dom_J \rangle$. Then $V_I = V_J$.
Also, $I \leq_p J$ iff $dom_I \supseteq dom_J$. Therefore, $f$ is domain reducing iff $O(I) \geq_p I$ for
every structure $I$.

Function $f$ is a propagator iff $\langle C_p, V_I, dom_I \rangle$ and $\langle C_p, V_I, dom_{O(I)} \rangle$ have the same
solutions. Because of the correspondence between models of $T$ approximated by $I$,
respectively $O(I)$, and solutions of $\langle C_p, V_I, dom_I \rangle$, respectively $\langle C_p, V_I, dom_{O(I)} \rangle$,
it follows that $f$ is a propagator iff the models of $T$ approximated by $I$ are precisely
the models of $T$ approximated by $O(I)$.

We conclude that $O$ is a propagator for $T$ iff $f$ is a domain reducing propagator
for CSPs of the form $\langle C_p, V_I, dom_I \rangle$.

Proof of Lemma 3.2 

Since $O_1$ and $O_2$ are propagators, $I \leq_p O_2(I) \leq_p O_1(O_2(I)) = (O_1 \circ O_2)(I)$ for
every structure $I$. If $J \models T_1 \cup T_2$ and $I \leq_p J$, then $O_2(I) \leq_p J$ and therefore also
$O_1(O_2(I)) \leq_p J$. Hence $O_1 \circ O_2$ is a propagator.

Proof of Proposition 3.3 

Let $O'$ be a propagator for $T'$. Then for every $\Sigma$-structure $I$,
$I = (I + \bot^{\leq_p}_{\Sigma' \setminus \Sigma})|_\Sigma \leq_p (O'(I + \bot^{\leq_p}_{\Sigma' \setminus \Sigma}))|_\Sigma = O(I)$.
If $J$ is a model of $T$ such that $I \leq_p J$, then there
exists an expansion $J'$ of $J$ to $\Sigma'$ such that $J' \models T'$. Because $O'$ is a propagator,
$O'(I + \bot^{\leq_p}_{\Sigma' \setminus \Sigma}) \leq_p J'$ and therefore $O(I) \leq_p J$. We conclude that $O$ is a propagator.
It is straightforward to check that if $O'$ is monotone, $O$ is also monotone.

Proof of Proposition 3.5 

Recall that we defined $|I|$ as the cardinality of the domain of $I$. We prove that
every sequence $I = J_0 <_p J_1 <_p \ldots <_p J_n$ has length polynomial in $|I|$. Denote
by $N_P$ the number of predicate symbols in $\Sigma$. Let $A_P$ be the maximum arity of a
predicate symbol in $\Sigma$.

Since the sequence is increasing in precision, for every predicate symbol $P$ the
number of $i$ such that $P_{ct}^{tf(J_i)} \subset P_{ct}^{tf(J_{i+1})}$ is at most $|I|^{A_P}$. Similarly, $P_{cf}^{tf(J_i)}$ changes
at most $|I|^{A_P}$ times in the sequence. Because $(J_i)_{0 \leq i \leq n}$ is strictly increasing in
precision, there is for every $0 \leq i < n$ at least one predicate $P$ such that
$P^{J_i} \neq P^{J_{i+1}}$. Combining these results gives a maximum length of $2 \cdot |I|^{A_P} \cdot N_P$ for the
sequence $(J_i)_{0 \leq i \leq n}$. Clearly, this is polynomial in $|I|$.

Proof of Proposition 3.6 

Let $(J_\xi)_{0 \leq \xi \leq \alpha}$ and $(K_\xi)_{0 \leq \xi \leq \beta}$ be two stabilizing $V$-refinement sequences from $I$.
Let $(L_\xi)_{0 \leq \xi \leq \beta}$ be the sequence of structures defined by

- $L_0 = J_\alpha$,

- $L_{\xi+1} = O(L_\xi)$ for every ordinal $0 \leq \xi < \alpha$, where $O$ is a propagator from $V$
such that $K_{\xi+1} = O(K_\xi)$,

- $L_\lambda = lub_{\leq_p}(\{L_\xi \mid 0 \leq \xi < \lambda\})$ for every limit ordinal $\lambda \leq \alpha$.

Because $(J_\xi)_{0 \leq \xi \leq \alpha}$ is stabilizing, it follows that $L_\beta = J_\alpha$. Since $I \leq_p J_\alpha$, we have
that $K_\beta \leq_p L_\beta$. Hence, we obtain that $K_\beta \leq_p J_\alpha$. Similarly, we can derive that
$J_\alpha \leq_p K_\beta$. Hence $J_\alpha = K_\beta$. It follows that every stabilizing $V$-refinement sequence
from $I$ has the same limit, namely $J_\alpha$.

Proof of Proposition 3.7 

Follows immediately from the fact that $\{M \mid I \leq_p M \text{ and } M \models T\}$ is a superset of
$\{M \mid J \leq_p M \text{ and } M \models T\}$ if $I \leq_p J$.

Proof of Proposition 3.8 

To prove the proposition, we show that $P^{O(I)}(\bar{d}) \leq_p P^{\mathcal{O}^T(I)}(\bar{d})$ for any domain atom
$P(\bar{d})$. If $P^{O(I)}(\bar{d}) = i$, it follows from the fact that $O$ is a propagator that there is
no model of $T$ approximated by $I$. From the definition of $\mathcal{O}^T$, we conclude that also
$P^{\mathcal{O}^T(I)}(\bar{d}) = i$. If on the other hand $P^{O(I)}(\bar{d}) = t$ or $P^{O(I)}(\bar{d}) = f$, then $P(\bar{d})$ is true,
respectively false, in every model of $T$ approximated by $I$. Therefore $P^{\mathcal{O}^T(I)}(\bar{d}) \geq_p t$,
respectively $P^{\mathcal{O}^T(I)}(\bar{d}) \geq_p f$, in this case. It follows that $P^{O(I)}(\bar{d}) \leq_p P^{\mathcal{O}^T(I)}(\bar{d})$
for every domain atom of the form $P(\bar{d})$.

Proof of Proposition 4.4 

Since $\varphi$ is an INF sentence, it is of the form $\forall \bar{x}\, (\psi \Rightarrow L[\bar{x}])$. Let $P$ be the predicate
in $L[\bar{x}]$, i.e., $L[\bar{x}]$ is either the positive literal $P(\bar{x})$ or the negative literal $\neg P(\bar{x})$.

It follows directly from the definition of $\mathcal{I}_\varphi$ that $I \leq_p \mathcal{I}_\varphi(I)$ for every structure
$I$. Now let $J$ be a structure such that $I \leq_p J$ and $J \models \varphi$. To show that $\mathcal{I}_\varphi$ is a
propagator, we have to prove that $P^{\mathcal{I}_\varphi(I)}(\bar{d}_x) \leq_p P^J(\bar{d}_x)$ for every tuple $\bar{d}_x$ of domain
elements. If $I[\bar{x}/\bar{d}_x](\psi) \leq_p f$ then $P^{\mathcal{I}_\varphi(I)}(\bar{d}_x) = P^I(\bar{d}_x) \leq_p P^J(\bar{d}_x)$. If on the other
hand $I[\bar{x}/\bar{d}_x](\psi) = t$, then also $J[\bar{x}/\bar{d}_x](\psi) = t$ and therefore $J[\bar{x}/\bar{d}_x](L[\bar{x}]) = t$.
It follows that $I[\bar{x}/\bar{d}_x](L[\bar{x}]) \leq_p t$ and hence $\mathcal{I}_\varphi(I)[\bar{x}/\bar{d}_x](L[\bar{x}]) = t$. We conclude
that $P^{\mathcal{I}_\varphi(I)}(\bar{d}_x) \leq_p P^J(\bar{d}_x)$.

The monotonicity of $\mathcal{I}_\varphi$ follows from the fact that $I \leq_p J$ implies $I\theta(\psi) \leq_p J\theta(\psi)$
for any two structures $I$ and $J$ and variable assignment $\theta$.

Proof of Proposition 4.7 

In the rest of this proof, let J be the structure limj?(y) (J). Observe that because 
I < p J, tf(/) <t tf(J). It now suffices to show that tf( J) is a fixpoint of Ta v and 
that tf ( J) < t M holds for every fixpoint M of T Av such that tf (I) < t M. 

We first show that tf(J) is a fixpoint of Ta v - Let Vx(^ =>■ L[x]) G V. Because J 
is the limit of a J 2r (T^)-rcfinement sequence, J0(ip) < p J6(L\x\) for every variable 
assignment 9. Hence, if tf ( J)9(ip ct ) = t, then tt(J)9(ip ct ) = t. It follows that 
rA v (tf(J)) = tf(J), i.e., tf(J) is a fixpoint of Ta v . 

To show that J is more precise than all other fixpoints of Fa v that are more 
precise than /, let (^)o<^<« be a stabilizing ^(F)-rcfinement sequence from /. 
Then K a = J. Let (L^) n <^< a be the sequence of tf(E) structures defined by 
L Q = tf(/), L i+1 = r Av (£) for every £ < a, and L\ = lub< t ({L 4 | £ < A}) for 
every limit ordinal A < a. Because T& v is < t -monotone, it follows from Tarski's
theorem that L a < t glb <t {M | M \= Ay and M > t tf(/)}. Since the propagators 
used in the stabilizing refinement sequence (JQ)o<£<a are part of the rule set Ay, 
it is straightforward to check that ti(K^) < t for every < £, < a; hence it 
follows that tf(J) < t glb< t {M | M |= Ay and M > t tf(J)}. 

Proof of Proposition 5.5 

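If $\varphi$ is the atomic formula $P(\bar{y})$ and $P^\Phi = \{\bar{x} \mid \psi\}$, then $\Phi(E)\theta \models P(\bar{y})$ iff
$\theta(\bar{y}) \in P^{\Phi(E)}$ iff $\theta(\bar{y}) \in \{\bar{x} \mid \psi\}^E$ iff $E\theta[\bar{x}/\theta(\bar{y})] \models \psi$ iff
$E\theta \models \psi[\bar{x}/\bar{y}]$ iff $E\theta \models \Phi(P(\bar{y}))$.
The cases where $\varphi$ is not atomic easily follow by induction.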

Proof of Proposition 5.10 

We prove the case where $\varphi$ is of the form $\forall \bar{x}\, (\psi \Rightarrow L[\bar{x}])$ and $L[\bar{x}]$ is a positive
literal. The proof is similar in case $L[\bar{x}]$ is a negative literal.

Let Bbea T-structure and $ a four- valued symbolic E-structure over T. Let ip be 
the INF sentence Vx (ip P(x)). Wc have to show that Sf($)(E) = ^ ($(£)). 
Therefore, we must prove that Q tf( ^ — Q t{ (-^ for every predicate 

Qetf(E). 

First assume Q ^ P ct . Then the following is a correct chain of equations. 

Qti(S v (*(£))) = Qtf(i(E)) = = (Q^(*))B = Qtf(.^ (*)(£)) (3^ 

The first and third equality follow from the definitions of J^, respectively ^f, 
and the assumption that Q ^ P ct . The second and the fourth equality apply the 
definition of $>(P). 

The following chain shows that also pW = ptf(^(*(^)) : 

p tf(^(4)(s)) = / p .^(*)\ B 

ct \ ct / 

= (p*U{x\*(i, ct )}) E 

= (p|) £ u({x|$(0 ct )}) iJ 

= P c \ f( * (£)) U {d | £[z/d] h *tyct)} 

= p c t t f(4(s)) u{d|($(i : ;))[x/d])W > p t} 

_ p tf(J^(*(£))) 
— -"ct 

The first equality follows from the definition of &(E), the second one from the 
definition of J?£, the third one from the definition of union of queries, the fourth 
one from the definition of and of query evaluation, the fifth one from Propo- 

sition 2.5, and the final one from the definition of J? v . 

Proof of Proposition A.6

We prove the case where $\varphi$ is of the form
$\forall \bar{x} \forall z\, (P(\bar{x}, z) \Leftrightarrow z \geq F(\{\bar{y} \mid L[\bar{x}, \bar{y}]\}))$.
Clearly, $\varphi$ is equivalent to the conjunction of (25) and (26). Hence we only have to
show that (27)-(30) are implied by $\varphi$.

We show that (27) is implied by $\varphi$. The proofs that (28)-(30) are implied by
$\varphi$ are similar. Let $I$ be a structure and $\theta$ a variable assignment such that $I \models \varphi$
and $I\theta \models P(\bar{x}, z) \land z < F(\{\bar{y} \mid \bar{y} \neq \bar{y}' \land L[\bar{x}, \bar{y}]\})$. Since $I \models \varphi$ and $I\theta \models P(\bar{x}, z)$,
$I\theta \models z \geq F(\{\bar{y} \mid L[\bar{x}, \bar{y}]\})$. Because $I\theta \models z < F(\{\bar{y} \mid \bar{y} \neq \bar{y}' \land L[\bar{x}, \bar{y}]\})$, it follows that
$I\theta(\{\bar{y} \mid L[\bar{x}, \bar{y}]\}) \neq I\theta(\{\bar{y} \mid \bar{y} \neq \bar{y}' \land L[\bar{x}, \bar{y}]\})$. Hence $I\theta \models L[\bar{x}, \bar{y}']$. We conclude that
$I \models$ (27).

The case where $\varphi$ is of the form
$\forall \bar{x} \forall z\, (P(\bar{x}, z) \Leftrightarrow z \leq F(\{\bar{y} \mid L[\bar{x}, \bar{y}]\}))$ is analogous.